ICO warns of ‘complacency’ in fining Interserve $5M under GDPR


The head of the U.K. Information Commissioner’s Office (ICO) warned companies not to ignore “crucial measures” to prevent cyber incidents following the regulator’s decision to fine construction firm Interserve 4.4 million pounds (U.S. $5 million) for failing to secure employee personal information.

“The biggest cyber risk businesses face is not from hackers outside of their company but from complacency within their company,” said U.K. Information Commissioner John Edwards in a news release Monday. He added that organizations are leaving themselves vulnerable to cyberattacks by ignoring simple measures like updating software and training staff.

The ICO determined Interserve breached the U.K. General Data Protection Regulation (GDPR) by failing to keep the personal information of its 113,000 staff secure when it suffered a ransomware attack. Between March 2019 and December 2020, the ICO said the company, which is in the process of being broken up, failed to take appropriate technical and organizational measures to protect personal data.
