Comment by piva00
11 days ago
7 days of revenue, 1 whole week out of 52 that all of your workforce production went to pay a fine? Yeah, that's quite noticeable for a corporation.
11 days ago
7 days of revenue, 1 whole week out of 52 that all of your workforce production went to pay a fine? Yeah, that's quite noticeable for a corporation.
If this breach receives a fine in the top 5 fines ever issued in the entire history of GDPR enforcement.
Don't forget to subtract out the money they saved from reduced investment in security over that time, as well.
Noticeable? Sure. Nowhere near noticeable enough, though, in my opinion. Especially if we're serious about it and recognize this isn't going to be a top 5 fine.
Presumably if it's due to negligence (ie intentional lack of investment) it will happen again if the underlying issue isn't fixed. So you have to factor that in.
If it happens repeatedly presumably the percentage will go up.
I think the only way this gets written off is if saving the money opens you up to such a low level of additional risk that you don't reasonably expect the event to happen more than once (if ever). But if the risk level is actually that low (I don't believe this to be the case, just playing out a hypothetical here) then arguably they wouldn't be in the wrong.
To put this in regular person terms, 3% of a 6 figure salary is $3k. That's more than enough to get most people's attention.
We rightfully see corporations as amorphous entities but I wouldn't like to be the VP/director that this fine gets blamed on. As probably don't other adjacent management staff.
Right - comparing it to a percentage of revenue ignores the managerial aspect of someone having to explain to their boss or to Larry why the $100M budget they manage is going to be 100% over.