It has taken just over a year for the GDPR to bare its teeth, but this week showed just what companies face if they breach the regulation, as British Airways and the Marriott hotel chain each face mammoth fines.
The first to feel the force of the GDPR was British Airways, which faces a £183m penalty from the Information Commissioner's Office (ICO) for the data breach it suffered last year which saw the personal details and addresses of 500,000 users leaked.
The next day the ICO whacked the Marriott group with a £99.2m fine for its own data breach which saw hackers steal the records of 339 million guests.
Those fines dwarf the £44m fine that was lobbed at Google earlier this year by the French regulatory authority CNIL; Google was the first big name to fall foul of GDPR.
The intended fines on British Airways and Marriott aren't even the maximum four per cent of turnover they could be facing.
As both companies reel from their bad news, will the channel see an uptick in spending on cybersecurity as other large organisations seek to avoid similar penalties?
Stephen Love, chief security consultant at Computacenter, believes there will "definitely" be increased spending on cybersecurity by large firms, based on customer comments he has heard this week.
"It's a wake-up call for companies," he said.
"The example has been set and it's now for other businesses to stand up and look at case examples and reinvigorate their strategies and policies. Customers are now looking at it with more seriousness and that it's not an idle threat. Without a doubt, it will reprioritise that thought process in people's minds."
However, Dan Bailey, director at cybersecurity MSP Altinet, said that there has already been a significant increase in the amount being spent on cybersecurity as it becomes a key point on the agenda for a growing number of businesses.
"The IT team - from CIO-level down to the IT administrator - understands the need for proper cybersecurity defensive, and they obviously want to have the best technology," he explained.
"But sometimes the spending doesn't get signed-off at board level when it's quite difficult to see if there will be a return on investment from that spending.
"I think now when you look at the potential fines from GDPR, then you see more success when the business case gets to board level and then that gets signed-off because the fines are eye-watering."
Areas of interest
The ICO has not yet formalised the penalties for British Airways and Marriott, and both organisations intend to appeal their respective fines.
In the airline's case, it was accused by the ICO of compromising the security of passengers by having "poor" security arrangements in place. The hotel group was penalised for not undertaking due diligence on the Starwood hotel chain's IT security when it acquired it in 2016.
As the fallout from these fines reverberates throughout the corporate world, large organisations may be taking stock of the areas of cybersecurity they are investing in - and increasing that investment.
Computacenter's Love believes a lot of companies will pile their money into increasing their encryption.
"We'll probably see a lot of knee-jerk reaction on spend on potential technologies that might not be the right fit because you tend to see that immediate reaction [when something like this occurs]," he explained.
"I think one thing that has been apparent over a number of years around legislation and GDPR is encryption. If you encrypt and update then you are protecting yourself in that respect, so I think we will see a lot of encryption services being purchased and solutions deployed because it's the last line of defence and if you have encrypted your data it can't be used once the hackers get to it."
Altinet's Bailey reckons the increasing migration towards the cloud is causing businesses to invest in securing cloud platforms.
"We're seeing a much bigger shift towards public cloud platforms like Office 365," he stated.
"Things like account takeover is definitely one area that we're seeing [an increase in investment] because of how Office 365 has changed, and how easily accessible it is over the internet rather than having an Exchange server on-premise with the controls on-premise that are very difficult to get to. And so that kind of Office 365 piece is becoming more and more relevant."
The liability dilemma
As more and more MSPs take responsibility for cybersecurity on behalf of large organisations, there could be something of a grey area as to who bears the responsibility should a massive data breach occur.
David Lannin, CTO at Sapphire, had his personal details leaked as part of the British Airways data breach.
He believes that the channel should be reviewing contractual agreements, terms and conditions on the services provided in order to protect themselves against taking the blame.
"If there's a managed service provider that's culpable or that's responsible for not affording the proper protection around an organisation's data, and the customer's outsourced it to the managed service provider, it is their responsibility," he declared.
"You need to be looking at things like where that liability lies. Does it exclude or include data leakage?
"I think it is going to be really dangerous for the channel because you might find that managed service providers are faced with huge financial penalties because of a data breach on a customer's site that has suddenly had the ICO apply the four per cent of global turnover fine to them, and they're trying to pass that back to the channel.
"It could put a lot of managed service providers out of business if those liabilities aren't kept or excluded in agreements."