
“In the UK, there is no legislation which demands the publication of such breaches, so the extent of the problem here is hidden,” said Paul Davie, founder of Secerno.
“Any of us could have been affected; we often don’t find out until it’s too late. There is a clear demand from security professionals and consumers that the Government and the EU should follow the US lead and impose a legal framework that forces companies to disclose breaches.”
In a separate study, 82 percent of consumers expect to be notified immediately if their personal details have been taken in a security breach. More than half (53 percent) said they would vote with their feet and stop using the affected organisation’s service upon hearing of the incident, according to the research by Ipsos MORI.
Davie believes a breach, similar to the recent high-profile case of TJX in the US, may have already happened in Europe. But, he argues, without the obligation to notify their customers, companies are “eroding consumer confidence”.
He also warned that businesses should take action now, instead of waiting for EU legislation. “Many businesses make the mistake of believing data security to be just an IT issue, when it is evidently more important than that,” he said. “It is a business issue that needs managing from the board level now.”