Nine out of 10 security leaders are more concerned about the threat of legal action than receiving regulatory fines following a data breach, according to new research.
Reflecting these concerns, 91% of the 250 security leaders and data protection officers (DPOs) polled in a survey by Egress said they had taken out new cyber-insurance policies or increased their cover to protect themselves from any financial damage.
These concerns appear to be justified, with just under half (47%) of consumers stating they would likely join a class-action lawsuit against an organisation that leaked their data.
Additionally, 67% said they were aware they had the right to take legal action against an organisation that experienced a breach which resulted in their data being exposed.
Tony Pepper, CEO of Egress, said:
“The financial cost of a data breach has always driven discussion around GDPR – and initially, it was thought hefty regulatory fines would do the most damage. But the widely unforeseen consequences of class action lawsuits and independent litigation are now dominating conversation.
Organisations can challenge the ICO’s intention to fine to reduce the price tag, and over the last year, the ICO has shown leniency towards pandemic-hit businesses, such as British Airways, letting them off with greatly reduced fines that have been seen by many as merely a slap on the wrist.
With data subjects highly aware of their rights and lawsuits potentially becoming ‘opt-out’ for those affected in future, security leaders are right to be nervous about the financial impacts of litigation.”