Dive Brief:
- A new report from the United Kingdom parliament recommends fining businesses that become victims of cybersecurity attacks, according to a ZDNet report.
- The biggest penalties would be imposed on companies that experience "continued vulnerabilities and repeated attacks."
- The report also recommended that a "portion of CEO compensation" be linked to effective cybersecurity.
Dive Insight:
Though the new report is focused on the U.K., consequences for any company that fails to adequately protect customer data may be imminent. Target’s CIO Beth Jacob was eventually ousted for the company’s cybersecurity failings, while the Federal Trade Commission has sued various companies over the past several years for failing to protect customer data.
As the full scope of the threat landscape emerges, tying executive pay to companies' cyber performance could provide an additional incentive to adequately protect the enterprise.
The report points to U.K. telecom group TalkTalk as an example of a company that would potentially be fined substantially for repeated lapses in security under the proposal. On Oct. 23, 2015, TalkTalk was hit by a cyberattack affecting more than a million customers, ZDNet reported. The hack was the third for the company, and the company’s CEO, Dido Harding, eventually admitted that the company had "underestimated" cybersecurity.
Despite the major lapses in security, Harding was paid $4.1 million last year.
The proposal also recommends larger fines for companies that procrastinate or fail to report a breach.
"Failure to prepare for or learn from cyberattacks, and failure to inform and protect consumers, must draw sanctions serious enough to act as a real incentive and deterrent," said Jesse Norman MP, chairman of the Culture, Media and Sport Committee.