Penalties, Punishment & Prison for Serious Data Breaches advocated: Survey

Websense declared the results of an international survey of 102 security professionals conducted at this year’s e-Crime Congress. Nearly all respondents (98 %) believe that the law should address serious data breaches that expose consumers’ data loss through punishments such as fines (65%), mandatory disclosure (68%), and compensation for consumers’ affected (55%). Sixteen percent even advocate arrest and jail sentence for the CEO or board members.

Respondents feel that companies that are not taking action against data loss and theft have it as an agenda item, but it’s not yet a high enough priority (45%). Furthermore, 70% say the CEO should hold ultimate responsibility should a breach arise. And the pressure is mounting, as 93% of all respondents believe the advent of the Internet of Things will make companies even more vulnerable to data theft.

Over three quarters (77%) of respondents say employees would connect to an unsecure WiFi to respond to an urgent request by the CEO or company executive; with just over 30% of security professionals saying they would do so themselves.

As data theft disclosures hit the headlines, it appears to be inadvertently helping companies address the issues. Three quarters of security professionals feel the publicity has helped other companies create a case for budget, focus and resources. Only 15% believe that the headlines have hindered this as they make companies feel powerless to protect against these attacks.

Neil Thacker, Information Security & Strategy Officer at Websense explains: “The more we talk about the issues and share the common techniques used to breach organizations and abuse, steal or damage data, the better. With the increasing data deluge that will only increase with the Internet of Things, and the dilemma of an increasing information security skills shortage, organizations have a tough challenge ahead. Implementing a data theft prevention control that provides a data-centric approach to security, alongside building a culture of security accountability across the business through collaboration, is essential to keep data protected.”