Companies are failing to disclose
data security breaches to clients.
A security survey of 300 companies by IT services firm Logica
found only 40% of organisations whose data is breached
tell clients.
Only half of the firms that had suffered a breach told the police or
the authorities.
More than half of companies failed to understand the impact of a
security breach, said Logica.
More than 50% of firms believed security was the
responsibility of the IT department.
Tim Best, director for enterprise security solutions at Logica,
said: "Data losses put customers at risk and can lead to large
contracts being withdrawn. With some organisations failing to
disclose security breaches, this complacent attitude not only
increases the likelihood of financial and reputational
consequences, but also highlights the inadequate security policies
and protocols that UK organisations have in place."
Tim Best said: "It is time to take action, it should be
mandatory for all organisations to report significant breaches of
confidential personal information to the Information Commissioner
or their regulatory body. Only through mandatory reporting will the
scale of the problem be understood, which will lead to the correct
solutions being applied."
The survey found that only 30% of firms educate staff in IT
security and information handling procedures on a regular basis,
and fewer than a third employ a specific security incident
response team.