Firms ignoring risk of security breaches

60 per cent of companies that have experienced a data breach did not tell their clients

A new survey from business services firm Logica has found a remarkable lack of awareness about how to manage data and respond to the risks of security weaknesses in enterprise systems.

The study, released today, found that a minority of firms educate staff on how to cope with data breaches, or even how to handle information in the first place.

Logica said that just 30 per cent of firms educate staff in IT security, and roughly the same amount have an in-house team with the specific remit of handling security incidents.

Alarmingly, in this compliance-centric enterprise environment, only a quarter of firms are complying with ISO 27001/2, an international standard that covers security procedures when storing personal data.

Perhaps worse is the fact that firms are not reporting breaches to their clients. Logica said that 60 per cent of companies that have experienced a data breach did not tell their clients, and half failed to tell the police or authorities.

Tim Best, director of enterprise security solutions at Logica, said: "Data losses put customers at risk and can lead to large contracts being withdrawn.

"With some organisations failing to disclose security breaches, this complacent attitude not only increases the likelihood of financial and reputational consequences, but highlights inadequate security policies and protocols at UK organisations."

Overall the study found that 57 per cent of those firms surveyed had no understanding of the impact of a security breach on their organisation.