Companies hiding data breaches
The latest survey on corporate data breach practices reveals consumer mistrust in the way companies handle sensitive data may be well founded.


A survey released late yesterday has found that less than half (40 per cent) of organisations affected by data breaches actually bother to tell customers what's happened.
Half failed to inform the police or authorities, according to the alarming research findings unveiled by consultancy firm Logica and the e-media group, who surveyed 300 public and private sector organisations.
More than half (57 per cent) of these companies also said they had "no idea" or understanding of the impact of a security breach on their business. And nearly the same percentage believed security was the responsibility of the IT department.
But only 30 per cent of those questioned educated staff in IT security and information handling procedures on a regular basis, while less than a third employ a specific security incident response team.
And, although 63 per cent held personal data subject to European (EU) data handling regulations, only a quarter comply with the ISO27001/2 security standard for storing personal data.
The survey certainly gives weight to other research released yesterday that suggested Brits want data breaches criminalised because of high levels of mistrust over how companies handle their data.
But it also strengthens yesterday's call from the Information Commissioner's Office that Brits should also exercise their Data Protection rights and proactively manage the personal data held on them.
Tim Best, director of enterprise security solutions at Logica, said the survey showed up the inadequate security policies and protocols that UK organisations have in place.
But he went further, adding: "It is time to take action. It should be mandatory for all organisations to report significant breaches of confidential personal information to the Information Commissioner or their regulatory body. Only through mandatory reporting will the scale of the problem be understood, which will lead to the correct solutions being applied."
Best also said security should not be the sole responsibility of the IT department. "It is a boardroom issue and the focus must be to protect the trust that clients have in an organisation," he said.
A 25-year veteran enterprise technology expert, Miya Knights applies her deep understanding of technology gained through her journalism career to both her role as a consultant and as director at Retail Technology Magazine, which she helped shape over the past 17 years. Miya was educated at Oxford University, earning a master’s degree in English.
Her role as a journalist has seen her write for many of the leading technology publishers in the UK such as ITPro, TechWeekEurope, CIO UK, Computer Weekly, and also a number of national newspapers including The Times, Independent, and Financial Times.