Everyone knows that cybersecurity is important, particularly as cyber criminals are using increasingly sophisticated methods to hack into large company networks. But it can be frustrating when you can’t use a certain app that would make team communication easier, and time-consuming to have to go through multiple security checks to access systems and files. This often leads to complacency among employees, sometimes even within IT security teams.

However, do you know the potential cost of complacency, beyond the potential damage of a cyber attack?

Fines for complacency

By relaxing your security processes, you risk more than financial and reputational damage from online criminals. You also risk a hefty fine from regulators, as was the case for Capital One after a security breach in 2019.

Regulators have been cracking down on this in recent months. In October 2022, the UK’s data watchdog – the Information Commissioner’s Office (ICO) – issued a £4.4m fine against Interserve Group for failing to keep the information of its staff secure after the data of 113,000 employees was compromised following a phishing attack. This incident led the ICO to state that “complacency” is the biggest threat to corporate Britain’s cybersecurity.

A global issue

Similarly, in the US, the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) recently fined 16 finance companies a total of $1.71bn for failing to monitor the use of unauthorised apps, such as WhatsApp. In this instance, the penalties were issued with no link to a previous security breach.

This goes to show that, even if you don’t get hacked by criminals, you still run the risk of financial and reputational damage from the regulators unless you develop and maintain robust cybersecurity measures.