Key takeaways

• On 30 September 2016 the UK’s Information Commissioner’s Office fined TalkTalk Telecom Group a record £400,000 for data security failings that allowed a hacker to access almost 157,000 customers’ personal information.
• The monetary penalty serves as an opportunity for companies to reassess their cybersecurity risk profile – particularly in the context of mergers, acquisitions, and post-M&A integration – and ensure that their systems and controls meet regulators’ latest expectations.
• Companies that do not, could find themselves on the receiving end of fines as high as 4% of worldwide turnover come May 2018 when the EU General Data Protection Regulation enters into force.