How much could a cyber attack cost the HMRC?
HMRC could face compensation claims of over £13 billion if it were to lose people’s personal and financial data as a result of a cyber attack, according to a new study by MIRACL.
The research, which surveyed the attitudes of 1,000 UK consumers about their personal security online, revealed that three-quarters of British citizens would expect to be compensated in the event of a data breach at HMRC in which their financial data was stolen. When asked how much they would expect this to be, the average amount the respondents suggested was £1,316.
With ten million people expected to complete their tax returns online by the end of January, if HMRC suffered a cyber attack in which this data was compromised, the organisation could face a potential compensation bill of £13,160,000,000.
The study highlights the pressures facing organisations as they try to protect their customers’ data in the face of growing cyber threats. Criminals often use these methods to steal sensitive data, which can be used to carry out identity fraud, and raid people’s bank accounts.
“Getting their hands on all the personal and financial data involved in a tax return is a cyber criminal’s dream. Armed with an individual’s banking and financial history, their employment information, date of birth, address and login details, a criminal could carry out a sophisticated identity theft. For instance, they could potentially take out a mortgage in that person’s name,” said Brian Spector, CEO at MIRACL.
“This is why the Government is now implementing stronger security measures through its Gov.UK Verify portal, which offers highly secure multi-factor authentication to protect UK citizens when they disclose personal information online, such as completing a tax return. Consumers must do everything in their power to protect their personal and financial information online, and stay vigilant to the threats posed by phishing emails and other scams,” Spector added.
If a criminal successfully applied for a mortgage in a victim’s name, the potential size of compensation claims could scale enormously. According to the latest figures from the British Bankers’ Association, the average value of a mortgage approved for house purchase in the UK was £175,700. With this in mind, British citizens are underestimating the value of identity theft by £174,384.
While the average compensation figure suggested in the research was £1,316, the highest number of respondents thought an even smaller figure was appropriate. The largest group, 22% of respondents, suggested a compensation amount of between £251 and £500, while just 14% realised the value of this data by proposing a figure of more than £5,000.
Spector continues, “The average consumer is worryingly innocent to the potential risks of data theft and identity fraud online. The truth is that criminals are harnessing ever-more sophisticated methods to steal personal and financial data, wreaking enormous damage to those involved. This is a multi-billion dollar business and so people must be vigilant.”
The study also outlines the wider reputational damage faced by organisations that suffer data breaches. The vast majority of those surveyed (85%) said that they would not use a website or online service again if their details were stolen from that website.
Spector continues, “Companies like TalkTalk who suffer a serious data breach face a multi-headed monster of problems. Not only are they presented with huge compensation claims from victims, but they also have to deal with serious reputational damage. This can lead to a mass exodus of customers and a sharp decline in share value. Cyber attacks aren’t just a problem for IT teams, but a real threat to an organisation’s survival.”