IT professionals see need for data breach legislation
Companies should be obliged to report breaches, according to survey
Most people think the board would be responsbile for security breaches
Legislation such as the California Breach Law in the US should be implemented to curb the leaking of data and ensure greater transparency in the advent of an information breach, research claims.
Some 79 per cent of respondents to a survey by security vendor WebSense believe new laws are a good idea, while 64 per cent think the board would be held ultimately responsible if an information leak occurs.
'This survey illustrates that companies are still so busy fire-fighting external security threats that when it comes to information leakage they are failing to address the larger problem,' said Ross Paul, international product manager at WebSense.
'A proactive approach, ensuring the enforcement of well-defined policies to protect sensitive information, is a must from stopping it getting into the wrong hands.'
Internal threats such as data leakage through malicious intent or by accident, continued are the greatest concern to respondents, topping the poll at 59 per cent, a 15 per cent increase on the same survey conducted last year.
Just 10 per cent of respondents think companies are taking proactive action to tackle the problem, while 26 per cent think information leaks could cost an organisation as much as two to five per cent of its annual revenue.
If a medium UK company with a turnover of approx £5.6m experienced an information breach, it could cost them up to approximately £280,000.
Fifteen per cent believe most companies have experienced some form of data leak in the past 12 months.
'When data breaches do occur, there is a consensus amongst respondents that legislation should support the need for disclosure,' said Paul. 'With only five per cent surveyed believing that all companies are aware of information leakage incidents, it’s time for companies to actively take responsibility in detecting and protecting against this invisible threat.'