The UK public believes more severe punishments should be given to organisations that suffer a data breach. That is according to LogRhythm, a security intelligence product company, that had a survey of 1,000 consumers conducted by OnePoll. More than half of respondents (59 percent) felt that organisations should face harsher penalties for losing sensitive data, with almost a quarter (24 percent) of those believing that punishments levied are often unequal.
The survey also suggests that, despite wanting a more heavy-handed response to data loss, security breaches tend to leave the public consciousness relatively quickly. While 56 percent of people said they either don’t do business with an organisation that has suffered a breach, or at least limit the amount of information they share with them, 61 percent claimed they did not know of any businesses that had fallen victim. Furthermore, many members of the UK public seem to have taken little notice of computer security bugs that have been discovered this year, with a third of consumers (33.7 percent) claiming to have never heard of vulnerabilities such as Heartbleed and Shellshock. However, of those that were aware of them, 30.5 percent said the revelations had affected how they behave online.
Ross Brewer, vice president and managing director for international markets at LogRhythm, said: “We’ve seen a number of high-profile organisations suffer security breaches this year, but it’s still surprising that so few people are able to recall them, even after the media storms surrounding breached organisations like eBay. Breaches have become so commonplace that people simply expect businesses to fall victim at some point, which is resulting in them becoming numb to these types of stories. In fact, 45 percent said they felt it was inevitable that their data would eventually be compromised.
“What we don’t want is for businesses to take advantage of this and take a laissez-faire attitude to security. These attacks and software vulnerabilities can potentially wreak havoc, not just for individuals, but for the organisations themselves. If their employees fail to be cautious online, it will be the company that suffers the financial consequences. What’s more, given that many customers would refuse to engage with an organisation that lost any personal data, future business is at stake and organisations need to have the right defences in place that will enable them to identify any changes in network activity.”
The research also indicates that, while confidence in the government’s ability to keep national assets safe still remains relatively low, this is slowly increasing. Indeed, 18 percent said they felt enough is being done to protect the nation’s data, which compares to 16 percent in 2013, and just 11 percent in 2012. Almost half (42 percent) also felt that the threat of international cyber war and cyber terrorism is now extremely credible and 48 percent said that the government would be justified in launching pre-emptive strikes if the threat was serious enough.
“It’s encouraging to see that confidence in the government is increasing, but there is still a long way to go,” said Brewer. “The threat landscape is getting even more traitorous every day and this is clearly becoming apparent to the general public. Public and private sector organisations must therefore ensure they are working together to protect the public as best they can. While it may be a case of when, not if, a cyber attack occurs, everyone must do their bit to guarantee that, when it does happen, the risk is mitigated.”
LogRhythm urges organisations to make better use of the data generated by networks so that potential threats can be identified before they have a chance to escalate. Visit http://www.logrhythm.com/.
