BA and Marriott fines ramp up pressure to up cybersecurity

BA and Marriott fines ramp up pressure to up cybersecurity

The UK ICO’s move last week to hit British Airways (BA) and the Marriott hotel group with proposed fines totalling almost £300m for breaking laws protecting consumers’ data, is a stark reminder to companies that they will pay an expensive price if they fail to take cybersecurity seriously.

The fines by the ICO were imposed under General Data Protection Regulation (GDPR) rules introduced in May last year. In BA’s case, the pending fine of £183m issued under the new rules relates to an incident involving traffic to the BA website being diverted to a fraudulent site. Through the fake site, the personal data of around 500,000 customers was compromised.

Had BA followed best practice cybersecurity processes, it would not have been fined. The ICO’s investigation found that a variety of information was compromised by poor security arrangements at the company, including log in, payment card, and travel booking details as well as name and address information.

GlobalData’s Thematic Research Team has identified cybersecurity as one of more than 50 key tech themes that all CEOs must get to grips with.

Cyrus Mewawalla, head of thematic research at GlobalData commented, ‘‘Cybersecurity is one of the most disruptive of themes, both in terms of trust and reputation. A string of household names, from TalkTalk to Sony, have seen their business reputation put at risk by cybersecurity attacks.''

Check Point Software, Palo Alto Networks, Fortinet, and FireEye are some of the specialist network security companies identified by GlobalData as leaders in various aspects of the cybersecurity theme.

Others include identity management specialist Okta, defence and aerospace companies BAE Systems, Raytheon, Thales and SAIC, data analytics specialist Splunk, surveillance software company Verint Systems.

Mewawalla continued, “Cybersecurity is mission critical for every business. In today’s digital economy, it is essential that companies of every stripe can collect, store and adequately protect customer data and proprietary secrets.

“Failure to do so will significantly damage a company’s brand and reduce the quality of the product it produces, with a subsequent impact on revenues and profitability.

“They will also face significant fines if their cybersecurity processes do not follow best practice, as BA has found to its cost.’’ 

He added, “Traditionally, most companies have adopted a prevention-based approach to cybersecurity, but recent advances in technology areas like machine learning are enabling a move towards active detection of threats.

“This allows pre-emptive action to be taken to stop breaches before they occur and also serves to free up resources currently occupied with chasing false positives from existing, more reactive systems.

“Spending on artificial intelligence (AI)-infused cybersecurity tools will increase significantly over the coming years.”