The head of the UK’s data watchdog has vowed to fine firms falling short on cybersecurity after warning “complacency” within companies is the “biggest cyber risk businesses face”.
The warnings come after the UK’s Information Commissioner’s Office (ICO) today fined British construction firm Interserve £4.4m over its failure to protect its employees’ data from cyberattacks.
Information commissioner John Edwards said companies should “expect a similar fine from my office” if they are found to have failed to put proper protections in place.
The Interserve attack saw hackers use an email phishing scam to access personal data belonging to as many as 113,000 of the Reading construction company’s staff.
“This data breach had the potential to cause real harm to Interserve’s staff, as it left them vulnerable to the possibility of identity theft and financial fraud,” Edwards said.
The information commissioner warned that companies which fail to monitor for suspicious activity, update their software, or provide proper training to staff will also be fined.
“Leaving the door open to cyber attackers is never acceptable, especially when dealing with people’s most sensitive information,” Edwards said.
“If your business doesn’t regularly monitor for suspicious activity…






