Widespread demand for harsher penalties and enforced data breach detection measures
Bit9® + Carbon Black®, the leader in endpoint threat prevention, detection and response, today released the findings of a survey of over 2,000 UK consumers. The research revealed that the spate of high-profile data breaches reported in recent years is leading to increasing public fear about organisations’ ability to prevent and detect cybercrime. Nearly three-quarters (73%) of consumers say the time it is taking businesses to realise that sensitive customer data has been lost is ‘unacceptable’ and as a result, there are grave concerns about the existence of breaches that have yet to be discovered. The concern has risen to such a degree that over four in five (81%) consumers in Britain actually fear that cybercriminals could already have stolen their personal details without anyone realising.
Tougher penalties
Many consumers are now calling for harsher penalties for businesses that could have prevented or detected a breach sooner if they had more effective, next-generation security measures in place:
- 81% of people believe that compromised customers should be compensated by the organisation holding their data
- 59% of people say that a fine should be levied on organisations, whilst 40% of those respondents said those fines should be unlimited
- 7% of people actually want individuals in the organisation to be culpable for their failures, calling for security officers to face jail time
“The data that companies keep about their customers is a highly valuable commodity in today’s connected world; providing access to our bank accounts, shopping habits and even our very identity,” said David Flower, Managing Director, Europe, Middle East and Africa, for Bit9 + Carbon Black. “High-profile data breaches at the likes of Target and more recently Ashley Madison have raised public awareness about the risks they are exposed to by the actions of cybercriminals seeking to steal their data. Consumers feel that it’s taking organisations far too long to detect a breach; if they can detect it at all, which is putting them at unnecessary risk. The demands for tougher penalties are an eye-opening indication of the way things could be headed if businesses don’t sit up and take note of these concerns.”
Mandatory detection rules
The research further revealed that the overwhelming majority (94%) of consumers think businesses should have the ability to detect whether customer data has been stolen within 24 hours, whilst 47% said this should be narrowed to a matter of minutes. Nearly two-thirds (63%) think that any business that stores sensitive information about them should keep it under constant, 24-hour surveillance to ensure that a breach can be detected sooner.
The significant majority (93%) of consumers indicated their support for the mandatory and immediate disclosure of any discovered data breaches to the public and the authorities, which is set to be enforced by the forthcoming EU Data Protection Regulation. However, many believe the EU isn’t going far enough: 94% of respondents believe it should be mandatory for any business storing their data to have appropriate processes in place to ensure they are able to detect if data has been stolen as quickly as possible, so that ignorance cannot be used as an excuse for non-disclosure.
“Data breaches have become such a regular occurrence that the public has lost patience,” continued Flower. “It isn’t enough to just put in a firewall and install antivirus software; cybercriminals have long since found their way past those defences. Businesses now need advanced security capabilities that allow them to prevent, detect and respond to threats; not just on the network, but on the endpoint devices where data is stored, accessed and processed. Businesses need to maintain always-on, continuous monitoring so they’re able to notify customers immediately if their data is stolen. This will enable the victim to take measures such as cancelling cards or notifying credit reference firms early enough to prevent the cybercriminals from doing any serious damage.”
The survey of 2,003 British adults aged 16 – 64 was conducted by independent research firm TNS on behalf of Bit9 + Carbon Black.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.