![\"yahoo-data-breach-comparison\"](\"http:\/\/54.201.249.27\/\/wp-content\/uploads\/2016\/09\/Yahoo-data-breach-comparison.jpg\")
A<\/span>t present, security failings are punishable with a fine of up to \u00a3500,000 from the Information Commissioner\u2019s Office (ICO). EU data protection rules due to come into force in 2018 will create penalties of up to 4pc of global revenues or up to \u20ac20m (\u00a317m), but it will be up to national regulators to enforce the rules.<\/p>\n It is unclear whether Britain will have to apply the legislation when it leaves the EU, or whether it might try to encourage companies to move to the UK by introducing a less-strict regime, as some have suggested.<\/p>\n The research, which surveyed 200 directors from companies with more than 500 employees, found that 71pc believe companies should be penalised for failing to meet basic cyber security requirements. A greater number – 77pc \u2013 believe that regulators should be tougher on companies that have inadequate defences.<\/p>\n Rob Cotton, NCC\u2019s chief executive, said big companies were often the most complacent about cybersecurity, with directors themselves refusing to take responsibility for safety.<\/p>\n \u201cFor years it hasn\u2019t been taken seriously enough in boardrooms across the country and while these results don\u2019t prove that it\u2019s now being managed appropriately, they do show that directors are realising that greater scrutiny and oversight from regulators and government will stimulate the necessary action and help drive-up standards,\u201d he said.<\/p>\n I<\/span>t comes after a string of attacks on big businesses in the last year, including\u00a0TalkTalk<\/a>,\u00a0British Gas<\/a>\u00a0and\u00a0LinkedIn<\/a>. TalkTalk was fined \u00a31,000 by the ICO earlier this year for failing to notify the regulator earlier.<\/p>\n <\/p>\n