A new poll from LogRhythm has highlighted how the majority of UK consumers surveyed would like to see new laws enacted that would make data breach disclosure mandatory for organisations.
In the survey of 1,000 consumers, 65.9% said that all breaches should be disclosed, irrespective of how big they are or the type of data concerned. A little over 11% of those asked said that only breaches involving critical information should have to be made public whilst 17.6% thought disclosure should depend upon the size of the breach. Just 5.4% of those polled thought that legislation was not required.
When asked if current punishments for firms losing data were sufficient, only 6.2% thought that they were. Over 30% of the respondents thought punishments should be more severe and 28.8% thought penalties dished out were unequal between differing companies and sectors.
Even though 48.3% of those polled thought that having their own data compromised at some point in the future was unavoidable, I do take some heart from the fact that there is at least some awareness of the risks surrounding the storage of data, even if the population at large is still, arguably, nowhere near careful enough about how they handle their own personal information.
Those partaking in the survey were asked which sectors they felt were most likely to be involved in a data breach. Gaming and social media sites were perceived as being the biggest potential offenders in this respect. Telecoms and mobile operators were so-so but healthcare and financial institutions were generally more trusted not to be breached.
Recent breaches, such as LoyaltyBuild, which Brian Honan recently spoke to Technology.ie about, may account for why a mere 8.6% of respondents said yes when asked whether they thought organisations would keep their personal information safe from hackers. Over one third of those questioned clearly felt that firms could not protect their data.
Ross Brewer, vice president and managing director for international markets at LogRhythm, said:
“The barrage of data breaches this year has clearly impacted the way in which consumers perceive the security of their personal information, which points to an urgent need for organisations to up the ante on data protection.
EU data privacy laws go some way toward mandating full breach disclosure, but the feedback from consumers is that much more needs to be done – across industries far beyond the telecoms sector. However, with 53 percent of respondents admitting that they would think twice about doing business with breached organisations, businesses face a very difficult dilemma indeed.”
Away from business, the survey found consumers also had opinions on government involvement in cyber security. When asked whether the likes of the MoD and GCHQ were doing enough to protect national digital assets, only 16.4% said yes whilst 30% said no. Despite all the publicity surrounding this topic lately, 53.6% of those surveyed didn’t know if Britain was doing enough to protect information from foreign hackers.
In response to these findings Brewer said,
“This year, the UK government has been very outspoken about its drive to commit more resources to cyber security, which could be a reason for the slight increase in public confidence – however, it has been a tough few months, and as NSA and GCHQ spying headlines continue to mount, confidence is understandably still low.
In any case, the research proves that more needs to be done by governments, industry regulators and organisations themselves to restore the confidence of those who matter most – the people handing over their private information. As consumers become more wary of how their data is used, there really is no room for excuses or lax security.”
Current EU legislation only requires telecoms and ISPs to notify customers of data breaches. Do you think this requirement should be expanded to encompass all types of business?