Individuals convicted of unlawfully obtaining or selling personal data should serve up to two years in prison, according to a new report from the UK’s culture, media and sports committee.

While the inquiry resulting in the paper was set up directly as a response to last year’s data breach at TalkTalk, the committee stated that as cybercrime is widespread and growing, its findings have a wide reach.

For example, a 2015 report from PwC report found that 90% of large organizations have experienced a data breach, while a government commissioned paper from 2016 reported that 25% of companies experience a ‘cyber-breach’ at least once a month.

Worryingly, 40% of these security breaches are accidents on the part of employees, contractors and third party suppliers, suggesting low awareness and inadequate cybersecurity and data protection strategies.

The committee also warned that when it comes to cybersecurity, it is not enough for companies to say that they were not aware. Bosses, in particular, need to be better prepared.

As such, to ensure accountability, the committee suggested that a “portion of CEO compensation” should be specifically linked to cybersecurity protection.

“Failure to prepare for or learn from cyberattacks, and failure to inform and protect consumers, must draw sanctions serious enough to act as a real incentive and deterrent,” said Jesse Norman, chair of the committee.

It also recommended that the government take action to increase people’s understanding around scams by initiating large-scale public-awareness raising campaigns.

“Everyone must take the lessons from the TalkTalk breaches as a wake-up call – both in how they prepare to prevent cyberattacks, and in how they deal with their consumers when those attacks occur,” said Mr. Norman.

Crucially, the MPs advocate that best-practice standards for cybersecurity need to be set at governmental level, in order to protect consumers and maintain Britain’s place at the top of the internet economy.