
Trend Micro: Data breach fines are not deterring bad behaviour

Jimmy Nicholls

13:08, August 20 2014


Security firm says companies are responding too readily to news reports.

Rik Ferguson of security firm Trend Micro has criticised data protection fines for not being high enough after a survey by the firm showed prominent breaches were driving better data protection.

Almost 70% of businesses were found to be rethinking their data protection policies in the wake of breaches against the likes of eBay, Kickstarter and Adobe, while a quarter were taking no action.

Rik Ferguson, VP of security research at Trend Micro, said: "That businesses are being prompted by news coverage of big breaches suggests that the current penalties aren't doing their job.

"Driving change is what the fines are meant to do: the financial incentives aren't big enough at the moment."

British data protection agency the Information Commissioner's Office (ICO) can only fine firms up to £500,000, but new EU data regulations will raise the bar to as much as €100m or 5% of global turnover.

Ferguson said that the new fines should attract the attention of C-level executives if they are implemented.

"It's not just the fine that a business has to pay, it's also a big hit to their reputation," he added. "That means businesses should not be complacent about their existing security provision."

A spokesman for the ICO said: "Our research clearly indicates civil monetary penalties have a positive impact on organisations' data protection compliance and practice.

"This includes improved policies and practices; increased staff training; greater senior management buy-in and higher organisational awareness."

Just under a third of companies said they were raising staff awareness as a means of protecting themselves, while nearly two-thirds were implementing encrypted passwords.



Source: Company Press Release
