‘No one noticed? Good. Sweep it under the carpet.’ This seems to be the preferred method of top UK IT business bosses when it comes to dealing with data breaches within their companies.
Exacerbating the situation, UK lawyers say only 65 of the 17,900 reported cases of computer hacking have resulted in prosecution - less than one percent. The number of convictions in 2017 was 47, said a research report by UK law firm RPC.
More than 60 percent of IT business leaders in the UK would cover up a data breach if it escapes public and regulatory attention, says an industry survey by Cambridge-based cryptographic solutions company nCipher Security.
"Senior business leaders are more willing than managers or directors to cover up their organisation falling victim to a data breach, with 71 percent at C-Level saying they would do so, compared to 57 percent of the latter category," said the report.
The General Data Protection Regulation (GDPR) makes it mandatory for all businesses that handle EU citizens’ data to disclose a data breach to the public and law enforcement agencies within 72 hours after it happens.
nCipher Security surveyed 250 IT decision makers in the UK who hold responsibility for security purchases, revealing a contradictory stance towards data breaches and the GDPR mandate, to which the UK is still subject.
More than 65 percent of the respondents said they lacked skilled in-house resources to train employees on detecting and reporting data breaches. Moreover, 55 percent of IT leaders on the board and wider C-suite were reluctant to support the step.
"By implementing the right security measures to protect their business critical information and applications up front by using tools such as encryption, investing in training and talent as well as understanding the regulatory landscape, businesses can take steps to avoid a damaging breach in the first place," said Peter Galvin, chief strategy and marketing officer at nCipher Security.
Awareness of cyber-crime among the public is increasing, according to the RPC survey. Despite the dismal conviction rate, the number of computer hacking incidents being reported has gone up by 74 percent to 17,900 in 2018 from 13,200 in 2017.
The survey attributed the low proportion of prosecutions to the problems faced by police in tackling a crime in which the perpetrators are difficult to identify and pursue.
"Cyber-crime has become accepted as a low-risk, potentially high-reward activity for organised criminals. If they act professionally, they can make substantial sums of money with very little chance of being caught," said Richard Breavington, partner at RPC.
Jurisdictional challenges also aggravate the troubles in policing cyber-crime. Many probes have traced the base of the perpetrator to non-EU nations. Without a trans-border legal agreement, prosecution rarely happens.
Anjola Adeniyi, technical leader at Securonix, points out that there have been several cuts to police budgets, which affect their efficiency in dealing with the increasing cases of cyber-crime.
"With the reduced budgets, the average spend on cyber-crime across some UK police forces is about one percent of their budget and fewer than a quarter of police forces have dedicated cyber-crime units," she said.