Businesses around the world have been warned to be prepared for a raft of new cyber security rules in the coming months and years that will require them to put much tougher defences in place or face the prospect of large fines.
The Financial Times reports that such measures have risen to the top of regulators' agendas as hacking attacks have become larger, more frequent and more sophisticated. In the UK, for example, telecommunications provider TalkTalk was the latest firm to fall victim to a high-profile data breach, while the US has seen several large-scale attacks, from Home Depot to the Office of Personnel Management, that have compromised millions of customer and employee records.
As a result of incidents such as these, governments are working quickly to introduce new rules that will require organisations to build stronger defences. The European Union is taking the lead on this, with the bloc expected to bring in tough rules that could mean multimillion-dollar fines for non-compliance, possibly as soon as the end of the year.
Among the proposals being considered for businesses that experience a privacy breach is a fine of either five per cent of their global turnover or €100 million, whichever is larger.
Such a rule would see data protection rules treated similarly to antitrust regulations, and had it been in place for the TalkTalk breach, it would have wiped out almost all of its pre-tax profits for last year.
Naturally, businesses have expressed concerns with such proposals, with some industry figures warning that tougher cyber regulations will lead to spiralling costs. In order to address these concerns, people with knowledge of the EU discussions expect a compromise, with fines far larger than those currently available to regulators, but smaller than the five per cent of turnover currently on the table.
One British official told the Financial Times: "It is the UK's aim that the regulation strikes the right balance between the protection of personal data and not imposing disproportionate burdens on organisations that process data for legitimate purposes."
Aside from the threat of regulatory action, the overall cost of cyber crime is rising fast. Figures from the Ponemon Institute claim that in the UK, data breach expenses rose by 14 per cent last year, with financial services, utilities and communications companies the worst affected.
As a result, these firms have devoted large resources to boosting their defences. The Financial Times noted that the financial services sector, for instance, has spent hundreds of millions of dollars on the latest technologies and the best experts, with cyber security personnel hired from government spy agencies and notorious hacking groups.
However, experts have warned that significant issues remain in 'second tier' companies, such as retailers and communications groups. These businesses have less formal interaction with authorities, so may not fully appreciate the regulatory risk they face, despite the fact they hold sensitive customer details and will therefore be vulnerable to attacks.