You can be fined 4% of your annual revenue!

Starwood Properties had its reservation system hacked and leaked 339 million records, five million passport numbers, eight million credit card numbers. The company was unaware of the breach for a full four years!

Now, they have been fined $130 million by the  U.K.’s Information Commissioner’s Office (ICO). Yesterday we broke the news about British Airways being fined $229 million.

In two days the ICO has fined a third of a billion dollars and the week still has three more days in it.

“We are disappointed with this notice of intent from the ICO, which we will contest,” said Marriott’s chief executive Arne Sorenson, in a statement. “Marriott has been cooperating with the ICO throughout its investigation into the incident, which involved a criminal attack against the Starwood guest reservation database.”

Under the new GDPR regime, the ICO has the right to fine up to four percent of a company’s annual turnover.  Given Marriott made about $3.6 billion in revenue during 2018, the ICO’s fine represents about 3 percent of the company’s global revenue.

Update: Total 2018 Marriott revenue was $20.75B.

The ICO said Marriott will be given an opportunity to discuss the proposed findings and sanctions.

“The ICO will consider carefully the representations made by the company and the other concerned data protection authorities before it takes its final decision,” said the U.K. data protection authority.

This is yet another reminder that companies can be fined 4% of their annual revenue if they get hacked.

The biggest challenge companies face right now is they are unaware of this reality.

A single breach can fine you into oblivion.

Even if you have the means to pay, you also face reputational damage.

Companies have been put out of business because of a breach as customers quickly flee if they feel your organization is not safeguarding their data.

This is ESPECIALLY true in the B2B space where business realizes they are only as secure as their partners.

We have put together a list of cybersecurity essentials for every organization. We suggest you start here and get an expert into your office ASAP to make sure you are as secure as you can be.

British Airways and Starwood Properties are well-funded. They can afford the best of everything yet they were hacked.

What this tells us is that money is not the only answer when it comes to cybersecurity.

Quite often it is the culture that needs to change to acknowledge the reality that every business is a big, fat, juicy target of not only hackers but organized crime and nation-states who are constantly probing, looking for holes