The last week has seen cyber hacks or data breaches at Tesco, Boots, and Virgin Media hit the headlines. The breaches follow a continued pattern of organizations failing to take the necessary steps to thwart cyberattacks and to adequately protect their customers’ data. In the case of Boots and Tesco, hackers targeted customer loyalty accounts. For Virgin Media, it was a marketing database which allowed unauthorized access.

David Bicknell, Principal Analyst in the Thematic Research Team at GlobalData, a leading data and analytics company, offers his view:

“The threat from a cyberattack is one of the biggest dangers to a company’s business and reputation, but too many companies are not taking the cyber threat seriously enough. Breach announcements follow a familiar pattern in which a company belatedly puts its hands up, admits its error, and then plays down the seriousness of the breach. Some will then fight tooth and nail to reduce any financial penalty from the Information Commissioner.

“One of the principles of GDPR regulation is the requirement that organizations process data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage. It’s nearly two years since GDPR came into force, and you’d have to question whether companies’ approaches to both cybersecurity and data protection have the necessary rigor to stop these breaches occurring on a regular basis.”