Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Companies Failing To Disclose Data Breaches To Clients According To Logica Security Survey

Only 40 per cent of organisations whose data is breached tell clients. More than half of companies fail to understand the impact of a security breach. Over 50 per cent believe that security is responsibility of IT department.
  • 25 September, 2008 08:48

<p>Sydney – 25 September 2008 - Survey results launched today by IT and business services company, Logica, reveal that companies are failing to report data security breaches to clients; 60 per cent of those who have experienced a data breach, did not tell their clients and half failed to tell the police or authorities.</p>
<p>The study conducted in conjunction with the e-media group, surveyed 300 public and private sector organisations over the last two months. The findings revealed that more than half (57 per cent) of those surveyed, have “no idea” or understanding of the impact of a security breach on their business or organisation. A continued lack of engagement with the issue is evident, with just 16 per cent of firms having a “Value at Risk”[1] profile for information assets it owns/controls; with half of respondents believing that security is solely an IT departmental issue.</p>
<p>Tim Best, Director Enterprise Security Solutions at Logica, commented on the findings: “Data losses put customers at risk and can lead to large contracts being withdrawn. With some organisations failing to disclose security breaches, this complacent attitude not only increases the likelihood of financial and reputational consequences but also highlights the inadequate security policies and protocols that UK organisations have in place. It is time to take action – it should be mandatory for all organisations to report significant breaches of confidential personal information to the Information Commissioner or their regulatory body. Only through mandatory reporting will the scale of the problem be understood, which will lead to the correct solutions being applied.”</p>
<p>The study also demonstrated a lack of awareness of how to securely manage data and a lack of knowledge of how to prevent a security breach among many organisations. Only 30 per cent educate staff in IT security and information handling procedures on a regular basis, with less than a third employing a specific security incident response team. The survey also revealed that while 63 per cent of those surveyed hold personal data subject to EU data handling regulations, only a quarter comply with ISO27001/2, meaning that companies are not adhering to security procedures when storing personal data.</p>
<p>Tim Best adds: “Security should not be the sole responsibility of the IT department; it is a boardroom issue and the focus must be to protect the trust that clients have in an organisation. If you have experienced a security breach, it is essential to conduct a risk assessment to understand the issue and avoid a reoccurrence. All organisations must put in place mandatory services and policies which enable compliance with legal requirements and establish coherent, comprehensive and cost effective security controls and policies throughout the organisation”.</p>
<p>“It is clear from this survey that IT and security training remains a fundamental issue, with 70 per cent of those surveyed not training staff in IT security and information handling procedures. As employers now look to adopt flexible working initiatives, they must invest in a comprehensive security awareness policy to mitigate against potential information breaches.”</p>
<p>About Logica</p>
<p>Logica is a leading IT and business services company, employing 39,000 people across 36 countries. It provides business consulting, systems integration, and IT and business process outsourcing services. Logica works closely with its customers to release their potential - enabling change that increases their efficiency, accelerates growth and manages risk. It applies its deep industry knowledge, technical excellence and global delivery expertise to help its customers build leadership positions in their markets. Logica is listed on both the London Stock Exchange and Euronext (Amsterdam) (LSE: LOG; Euronext: LOG). More information is available at www.logica.com</p>
<p>About The Study</p>
<p>Logica conducted a comprehensive study of IT Directors, CTOs and iT security managers in 300 public and private sector organisations representing a cross section of industries and sectors. The survey was conducted in August and September 2008.</p>
<p>[1] Only 16% of organisations have a “Value at Risk” profile for their information assets. This means that other organisations are unable to effectively classify their data and hence find it difficult to put in place specific security that will adequately protect that data from loss.</p>

Most Popular

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release

Market Place