I'd imagine that Marriott self-reporting and cooperating with the ICO investigation can only help RE leniency.

If Marriot are caught again they can expect a far larger fine.

The board should be planning some proper security. A £50m capital budget and £5m a year revenue should be good enough.

Or they could set up an insurance fund for that kind of fine for similar money, and eventually that fund would be less expensive.

After all, you don't have such a leak every other week.

If they make no attempt to improve their security I suspect the next incident will cost them $800m. Be interesting to see who will insure them against that.

When the parent comment said "they could set up an insurance fund", I believe they didn't mean a literal contract with an insurance company, but a straight up savings fund set up by Marriott to be used in the future specifically for expenses like that.

That's still self insurance, and it's still going to hit them for $800m next time they have a leak.

Will have to be a big fund.

Of course. My comment was mostly directed towards the "interesting to see who will insure them against that" part.