Logica survey reveals only 40% of UK organisations whose data is breached tell clients
LONDON – A survey conducted by IT and business services firm Logica reveals companies are failing to report data security breaches to clients. Some 60% of those who have experienced a data breach did not tell their clients and half failed to tell the police or authorities.
The study surveyed 300 public and private sector organisations in the UK over the past two months. The findings revealed more than half (57%) of those surveyed have “no idea” or understanding of the impact of a security breach on their business or organisation. A continued lack of engagement with the issue is evident, with just 16% of firms having a value-at-risk profile for information assets they own or control. Half of respondents believe security is solely an issue for the IT department.
Tim Best, director of enterprise security solutions at Logica, says: “Data losses put customers at risk and can lead to large contracts being withdrawn. With some organisations failing to disclose security breaches, this complacent attitude not only increases the likelihood of financial and reputational consequences but also highlights the inadequate security policies and protocols that UK organisations have in place. It is time to take action – it should be mandatory for all organisations to report significant breaches of confidential personal information to the Information Commissioner or their regulatory body. Only through mandatory reporting will the scale of the problem be understood, which will lead to the correct solutions being applied.”
The study also demonstrated many organisations lacked awareness of how to securely manage data and how to prevent a security breach. Only 30% were found to educate staff in IT security and information-handling procedures on a regular basis and less than a third employ a specific security incident response team. The survey also revealed that, while 63% of those surveyed hold personal data subject to EU data-handling regulations, only a quarter comply with ISO 27001/2, meaning companies are not adhering to security procedures when storing personal data.
More on Risk Management
ABSTRACT This experimental study investigates the behavior of banks in a large-value payment system. More specifically, we look at the reactions of banks to disruptions in the payment system and theway...
ABSTRACT Central counterparties (CCPs) performed extremely well during the recent financial crisis. Clearing through CCPs has since been promoted by legislators around theworld as a way to mitigate risk...
ABSTRACT Nonbanks such as central counterparties (CCPs) are a useful lens through which to see how regulators view the role of the lender of last resort (LOLR). This paper explores the avenues that are...
Nonbanks such as central counterparties (CCPs) are a useful lens through which to see how regulators view the role of the lender of last resort. The first paper in this issue, "Limiting taxpayer "puts":...
Sign up for Risk.net email alerts
Sponsored video: Elseware
Oxford professor David Vines argues that the carrot is as important as the stick
Sponsored webinar: IBM
Watch highlights of this year's London conference
There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.