Trend Micro: Data breach fines are not deterring bad behaviour


by Jimmy Nicholls| 20 August 2014

Security firm says companies are responding too readily to news reports.

Rik Ferguson of security firm Trend Micro has criticised data protection fines for not being high enough after a survey by the firm showed prominent breaches were driving better data protection.

Almost 70% of businesses were found to be rethinking their data protection policies in the wake of breaches against the likes of eBay, Kickstarter and Adobe, while a quarter were taking no action.

Rik Ferguson, VP of security research at Trend Micro, said: "That businesses are being prompted by news coverage of big breaches suggests that the current penalties aren't doing their job.

"Driving change is what the fines are meant to do: the financial incentives aren't big enough at the moment."

British data protection agency the Information Commissioner's Office (ICO) can only fine firms up to £500,000, but new EU data regulations will raise the bar to as much as €100m or 5% of global turnover.

Ferguson said that the new fines should attract the attention of the C-level executives if they are implemented.

"It's not just the fine that a business has to pay, it's also a big hit to their reputation," he added. "That means businesses should not be complacent about their existing security provision."

A spokesman for the ICO said: "Our research clearly indicates civil monetary penalties have a positive impact on organisations data protection compliance and practice.

"This includes improved policies and practices; increased staff training; greater senior management buy-in and higher organisational awareness."

Just under a third of companies said they were raising staff awareness as a means of protecting themselves, while nearly two-thirds were implementing encrypted passwords.

Source: Company Press Release

Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

792 people like this.
2211 people follow this.

Security Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.