Companies are failing to report data security breaches to clients, according to a new survey from IT and business services company Logica.
The survey, which included input from 300 public and private sector organisations, found that 60% of those companies that have experienced a data breach have not told their clients about it, while half failed to tell the police or relevant authorities.
These results fly in the face of the risk data breaches pose to business, according to Tim Best, director of enterprise security solutions at Logica.
“Data losses put customers at risk and can lead to large contracts being withdrawn,” Best said. “This complacent attitude not only increases the likelihood of financial and reputational consequences but also highlights the inadequate security policies and protocols that UK organisations have in place.”
Best is calling for mandatory reporting for organisations that experience a data breach.
“Only through mandatory reporting will the scale of the problem be understood, which will lead to the correct solutions being applied,” Best said.
Responsibility for these breaches goes beyond IT, however.
“Security should not be the sole responsibility of the IT department; it is a boardroom issue and the focus must be to protect the trust that clients have in an organisation.”
