No comments on covering any potential punitive fines…:
Insurance industry reacts
Following the announcement, Beazley international data breach manager Raf Sanchez commended Dixons Carphone’s actions in response to the discovered hacking.
“This breach and the speed with which management have moved to contain it and to communicate their efforts not just to regulators but also to the public shows just how important it is to be prepared,” commented Sanchez. “It is almost impossible to prevent breaches but if organisations want to survive these events they have to have a strategy to react and manage these incidents.”
Sanchez also noted that many are not ready for the complexities of the new mandatory breach reporting regime under the European Union’s General Data Protection Regulation (GDPR).
“This breach is the first significant incident under the new GDPR regime and it will be interesting to see how the UK’s privacy regulator, the Information Commissioner, reacts,” he said. “The ICO has previously fined organisations that have demonstrated serious failings with respect to breaches in the past with Yahoo being fined £250,000 over a breach involving 500,000 UK customers and TalkTalk having been hit with a £400,000 fine after 150,000 customers’ details were accessed.”
For CNA Hardy cyber head David Legassick, “this is a clear example of plan beats no plan.”
Calling the cyber threat a boardroom risk, Legassick explained: “In our view, if the boardroom takes it seriously, then it becomes embedded within the culture. If the leadership are all on the same page, then legal, HR, IT, management, and all business units are also on the same page with them and the organisation is much better enabled to withstand an attack.
“Events like this underscore how important it is we never stop learning – making sure the company can capture in detail how, when, where, and why an incident occurred so there is a feedback loop that ensures each threat makes the cyber defence stronger.”
Meanwhile, Baldock offered assurances that Dixons Carphone is determined to tackle cybercrime.