Following on from the teams posts last week on the huge fines levied against BA and Marriott - Facebook have settled with the FTC for a record-breaking $5 Billion (just under 10% of their 2018 turnover); off the back of their Cambridge Analytica involvement.

Momentum really seems to have built around understanding the value of users data - and with GDPR fines starting to be levied in force against companies found to have been breached (and found wanting in their handling of the attack) I really think we're seeing the beginning of a new era of impactful fines against large and capable organisations.

The question of course is whether this will change behaviour - will Facebook and other data-handling platforms be more careful with who they interact with? Will the fines genuinely increase budget available for security? Are boards becoming aware not only of the reputational damage a breach might cause (which can always be dismissed - it won't happen to us) - but actually fearful of fines that amount to an appreciable percentage of a firm's annual turnover?

I do hope we see a positive reaction from the wider industry - but I believe we're only seeing the very start of what will become a fundamental change in our space.