Data breaches not disclosed

Written by Roberta Murray   
Wednesday, 24 September 2008

Companies failing to disclose data breaches to clients, says Logica.

Survey results launched today by IT and business services company Logica (LSE: LOG) reveal that companies are failing to report data security breaches to clients.

Of those who have experienced a data breach, 60 per cent did not tell their clients and half failed to tell the police or authorities.
 
The study, conducted in conjunction with the e-media group, surveyed 300 public and private sector organisations over the last two months. The findings revealed that more than half (57 per cent) of those surveyed have “no idea” or understanding of the impact of a security breach on their business or organisation.

A continued lack of engagement with the issue is evident: just 16 per cent of firms have a “Value at Risk” profile for the information assets they own or control, and half of respondents believe that security is solely an IT departmental issue.
 
Tim Best, Director Enterprise Security Solutions at Logica, commented on the findings: “Data losses put customers at risk and can lead to large contracts being withdrawn. With some organisations failing to disclose security breaches, this complacent attitude not only increases the likelihood of financial and reputational consequences but also highlights the inadequate security policies and protocols that UK organisations have in place. It is time to take action – it should be mandatory for all organisations to report significant breaches of confidential personal information to the Information Commissioner or their regulatory body. Only through mandatory reporting will the scale of the problem be understood, which will lead to the correct solutions being applied.”
 
The study also demonstrated a lack of awareness of how to securely manage data and a lack of knowledge of how to prevent a security breach among many organisations.

Only 30 per cent educate staff in IT security and information handling procedures on a regular basis, and fewer than a third employ a specific security incident response team.

The survey also revealed that while 63 per cent of those surveyed hold personal data subject to EU data handling regulations, only a quarter comply with ISO27001/2, meaning that companies are not adhering to security procedures when storing personal data.

Best adds: “Security should not be the sole responsibility of the IT department; it is a boardroom issue and the focus must be to protect the trust that clients have in an organisation. If you have experienced a security breach, it is essential to conduct a risk assessment to understand the issue and avoid a reoccurrence. All organisations must put in place mandatory services and policies which enable compliance with legal requirements and establish coherent, comprehensive and cost effective security controls and policies throughout the organisation”.
 
“It is clear from this survey that IT and security training remains a fundamental issue, with 70 per cent of those surveyed not training staff in IT security and information handling procedures. As employers now look to adopt flexible working initiatives, they must invest in a comprehensive security awareness policy to mitigate against potential information breaches.”
 
