Fines and compensation also an option
A new survey of security executives has revealed that they believe CEOs and board members should face imprisonment for exposing consumers’ confidential data.
The survey, carried out on behalf of Websense at this year’s e-Crime Congress, found that 30% of the 104 respondents believe jail time is a suitable punishment for security breaches that result in the loss of confidential data.
Negligent security procedures should also result in a fine for the guilty company, 62% of respondents believed. Compensation for consumers whose data had been compromised was favoured by 68% of respondents.
The survey also revealed some interesting opinions on attitudes towards data protection. The vast majority (93%) of respondents believe companies are under more pressure to protect against data loss due to the recession. However, 46% believe that data loss is not a priority because of cost cutting during the economic downturn.
Over half of those quizzed think that companies are not taking action against data loss because there are no legal requirements to do so.
Mark Murtagh, technical director at Websense, said: “This research shows that security is still an important concern to all security professionals. The call for severe penalties reveals the need for businesses to step up to the mark and better understand the implications of a data breach. By taking active steps like using a DLP solution to trace inbound as well as outbound data leaks, and having visibility of where important and valuable data sits, companies greatly reduce the risk of becoming a statistic.”
Most (66%) of respondents think that blame for any data breach should lie with the CEO and other C-level executives. A quarter believe that the responsibility should lie solely at the CEO’s door.