Data breaches should be punishable by law, say security pros

At the 2015 e-Crime Congress, Websense conducted an international survey of 102 security professionals to shed light on industry views regarding current repercussions and policies for serious data breaches. The vast majority of respondents, 98 percent, believe that exposure of consumer data due to breaches or negligence should be dealt with by the law. Punishment, most respondents agreed, should be in the form of fines, although almost a fifth felt that CEOs and board members should be arrested and face jail time.

The headline publicity over recent large scale breaches has encouraged companies to take their cyber-security seriously making it a priority regarding budget, focus, and resources, according to the Websense report. Yet still, security professionals remain concerned that most employees will still use WiFi that has not been secured for business communications, with one third admitting they would do the same under urgent circumstances.

“The more we talk about the issues and share the common techniques used to breach organisations and abuse, steal or damage data, the better,” Neil Thacker, information security and strategy officer at Websense, wrote in an email to SCMagazineUK.com. “With the increasing data deluge that will only increase with the Internet of Things, and the dilemma of an increasing information security skills shortage, organisations have a tough challenge ahead.”