Brands face steeper penalties for cybersecurity failures after TalkTalk hack

Companies might face steeper fines if they don't do enough to protect customer information, if MPs have their way.

TalkTalk hack: should brands face higher penalties for security failures?

The government was urged yesterday to raise penalties against companies that don't have adequate cyber-security in place, in the wake of a major attack on TalkTalk.

MPs asked culture minister Ed Vaizey to consider raising the maximum fine that can be imposed by the UK's data watchdog, which currently stands at £500,000.

Vaizey confirmed that he would meet with the Information Commissioner's Office (ICO), but stopped short of actually promising higher fines.

He said: "[The ICO] has extensive powers to take action and, indeed, to levy significant fines. The government are always open to suggestions about how that could be improved.

"I will certainly meet the Information Commissioner to look at what further changes may be needed in the light of this data breach."

Whether brands have anything to fear remains in doubt, given the ICO's record of imposing fines.

It is rare for the ICO to slap companies with the maximum penalty, despite a growing cyber-security threat.

In fact, the total value of fines issued by the ICO has halved in the last year, despite the number of complaints remaining level.

According to The Register, the ICO issued £1.1m in penalties across 14,268 complaints. That's down from almost £2m in fines the prior year across 14,738 concerns. In May, the data watchdog said it wasn't concerned with fining companies "left, right and centre".

That's scant consolation to the unknown number of TalkTalk customers affected by last week's hack. Experts peg the number of customers affected at around 400,000.