As the deadline for filing tax return looms ever closer, a new survey has revealed that a cyber attack on HMRC that caused the loss of personal and financial data would cost it billions in compensation.
Digital authentication provider MIRACL surveyed 1000 UK consumers, and found that three-quarters of them would expect to receive compensation in the event that such data was stolen on the back of a breach against HMRC.
The average amount of compensation respondents expected to receive was £1,316. Given that 10m people are expected to complete their online tax return by the deadline of January 31st that would leave HMRC with a potential compensation bill exceeding £13bn.
Brian Spector, CEO at MIRACL, said: "Getting their hands on all the personal and financial data involved in a tax return is a cyber criminal’s dream. Armed with an individual’s banking and financial history, their employment information, date of birth, address and login details, a criminal could carry out a sophisticated identity theft. For instance, they could potentially take out a mortgage in that person’s name."
HMRC would face an even bigger compensation bill were this to happen.
The British Bankers’ Association found that the average value of a mortgage approved for house purchase in the UK was £175,700, meaning that Brits are in fact underestimating the value of identity theft by £174,384.
Despite warning consumers to stay vigilant, Spector said that Government cyber security measures have improved. "Government is now implementing stronger security measures through its Gov.UK Verify portal, which offers highly secure multi-factor authentication to protect
UK citizens when they disclose personal information online," he said.
The cost of a cyber security breach goes beyond compensation too. 85% said that they would not use a website or online service again if data was stolen from it. While, avoiding using HMRC is more difficult than a commercial firm, this illustrates clearly the reputational damage suffered to organisations that are breached.
Spector said: "Companies like TalkTalk who suffer a serious data breach face a multi-headed monster of problems. Not only are they presented with huge compensation claims from victims, but they also have to deal with serious reputational damage."
He said that such incidents are "a real threat to an organisation’s survival."
TalkTalk suffered 7% of its broadband customer base moving over to a different provider in the last three months in the wake of a massive cyber attack that resulted in 4% of its customers’ data been stolen.