Is it worth spending 5 - 10 million on cyber security if the fines are only 2.2 million? I mean yes it is becasue there are other costs to being hacked - reputation, good will etc but I see how some companies don't take it that seriously.
Now is it worth spending 5 - 10 million on cyber security when the fines are 50 million? I'm glad the govt is forcing companies to take this seriously!