Britain’s data watchdog has fined major construction group Interserve with a £4.4m fine. This was due to a cyber attack stole personal and financial details for over 113,000 employees and the company failed to stop the attack.

This phishing attack was very unique as it occurred over two years ago, and the company broke data protection law by not taking action to prevent the attack from occurring in the first place. The  Information Commissioner’s Office (ICO) claimed that the company had outdated systems and a lack of end user education that resulted into a successful phishing attack.

In a statement by John Edwards, UK Information Commissioner,“Leaving the door open to cyber-attackers is never acceptable, especially when dealing with people’s most sensitive information. The biggest cyber-risk businesses face is not from hackers outside of their company but from complacency within their company.”

This incident should serve as a cautionary tale that one phishing email can cost your organization millions. New-school security awareness training can ensure your users have the proper training to spot and report any suspicious emails that come their way.