Fine is a different way of expressing that you are legally liable for the offence / lapse committed. Capita, a major UK outsourcing firm, was fined £14 million after a cyber-attack in March 2023 led to the theft of personal data belonging to 6.6 million people, including pension records, financial information, and criminal histories. The Regulator found that Capita had failed to implement basic security protocols and organisational safeguards. It was also unprepared to respond to the breach.
Controls did not match the risk at all. The attack was traced to an employee accidentally downloading a malicious file. The alert triggered went unresponded for 58 hours. The golden hour response rule was up in flames. During this delay, hackers deployed ransomware and exfiltrated nearly a terabyte of sensitive data from Capita's systems. The incident especially affected hundreds of pension schemes and led to the data appearing on the dark web. You can well imagine the plight of the victims.
Regulators initially proposed a £45 million fine but reduced it after Capita demonstrated cooperation, improved cybersecurity practices, and assistance to affected clients. The regulator and industry experts highlighted this case as a warning to large companies, emphasizing the need for proactive cybersecurity measures and corporate accountability in protecting personal information. The ecosystem in the process of creation should be made as near to foolproof.
Swift incident response is at the core of cyber secure existence. Robust security measures, and ongoing employee reskilling are a necessity to prevent and limit damage from cyber-attacks. For India, enhancing the implementation of its data protection law means mandating timely breach notifications and rigorous security audits. The rules are still hanging in mid-air. Are best practices such as zero-trust models and stronger regulatory oversight becoming the norm? If not, then we are in cyber rough weather.
DIGITAL VIGILANCE AND BEING FULLY RESPONSIVE ARE CRITICAL TO SAFEGUARDING DATA IN AN INCREASINGLY CONNECTED WORLD.
Sanjay Sahay
Have a nice evening.