Security breaches that affect consumer data should result in gaol terms or fines for those responsible according to new research.
Software vendor Websense surveyed over 100 security professionals at this year’s e-Crime Congress in London. Those surveyed included security staff from organisations in the private and public sector as well as senior managers responsible for auditing and risk compliance.
The survey revealed strong support for strict accountability measures for companies who allow consumers’ personal and confidential data to be illegally accessed.
In fact, a quarter of those surveyed believed arrest and gaol sentences are appropriate punishments for the CEO or board member responsible for serious company data breaches. Almost 80 percent of respondents believed companies should be fined for breaches while 60 percent stated that consumers who have suffered as a result of a data breach should be compensated. Prohibitive costs and a confusing and weak set of legal requirements were some of the factors cited as typical reasons companies do not prioritise shoring up their security systems.
Phil Vasic, country manager A/NZ, Websense, said that the upper echelons of public and private companies need to take more action to prevent cybercrime and data theft.
“Board members should ensure proactive, strategic action is taken to protect their organisation’s essential information from emerging Web-based and e-mail borne security threats and data loss to prevent sensitive information getting into the wrong hands,” he said.
Vasic added that the almost unanimous support for an enforcing body that works with global governments to address increasing occurrences of cybercrime may mean the arrival of tougher data protection regulations in the near future.
“This survey indicates a strengthening opinion for action to be taken against cybercrime and data loss on a broader scale than ever before. We do expect to see more stringent regulation for security breaches, including those that involve the loss of personal data,” he said.
More accountability needed in data protection
By Staff Writers on Apr 11, 2008 1:54PM