Clients kept in the dark over data breaches, says survey
Logica survey reveals only 40% of UK organisations whose data is breached tell clients
LONDON – A survey conducted by IT and business services firm Logica reveals companies are failing to report data security breaches to clients. Some 60% of those who have experienced a data breach did not tell their clients and half failed to tell the police or authorities.
The study surveyed 300 public and private sector organisations in the UK over the past two months. The findings revealed more than half (57%) of those surveyed have “no idea” or understanding of the impact of a security breach on their business or organisation. A continued lack of engagement with the issue is evident, with just 16% of firms having a value-at-risk profile for information assets they own or control. Half of respondents believe security is solely an issue for the IT department.
Tim Best, director of enterprise security solutions at Logica, says: “Data losses put customers at risk and can lead to large contracts being withdrawn. With some organisations failing to disclose security breaches, this complacent attitude not only increases the likelihood of financial and reputational consequences but also highlights the inadequate security policies and protocols that UK organisations have in place. It is time to take action – it should be mandatory for all organisations to report significant breaches of confidential personal information to the Information Commissioner or their regulatory body. Only through mandatory reporting will the scale of the problem be understood, which will lead to the correct solutions being applied.”
The study also demonstrated many organisations lacked awareness of how to securely manage data and how to prevent a security breach. Only 30% were found to educate staff in IT security and information-handling procedures on a regular basis and less than a third employ a specific security incident response team. The survey also revealed that, while 63% of those surveyed hold personal data subject to EU data-handling regulations, only a quarter comply with ISO 27001/2, meaning companies are not adhering to security procedures when storing personal data.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net
More on Risk management
Op risk data: Payday lender Skytrail sees $1.4bn disappear
Also: Cartel claims cost European bond dealers dearly, plus oil price gouging and crypto cover-ups. Data by ORX News
Bankers hope EBA op risk taxonomy will go global
Proposed update to 20-year-old risk map is welcomed, but international co-ordination urged
Marex plots interest rate clearing push
UK broker is live on LCH and plans to be a “day one” clearing member on FMX
Eurex default fund reshuffle leaves members frustrated
Clearing members say concentration margin add-ons would be fairer than buffer on all portfolios
Tired of fat-finger blunders, G-Sibs turn to robots for help
Big banks speed up shift towards control automation and AI adoption to counter costly human errors, Benchmarking survey finds
CME, FICC in talks to expand cross-margining to client accounts
New rules and account structures will be needed to allow cross-margining by non-members
On geopolitical risk, G-Sibs choose their battles
Conflicts – both existing and threatened – raise concern among banks, but many are still grappling to weave the risk into their frameworks
Margin calls jumped threefold as global markets sold off
FCMs claim no client defaults, but episode revives complaints of procyclical margining