Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Study claims people losing patience with firms that endanger their data

According to the research – which took in responses from 2,000 people – many users now have an overwhelming desire for data loss disclosure laws.

Researchers found that 80% of respondents said that they now have reservations about trusting organizations to keep their data safe from hackers.

In a similar survey, conducted on LogRhythm’s behalf back in November 2010, only 63% were concerned about this issue – an increase of delta 27% Infosecurity notes.

Further comparing the two sets of research, while last year 17% of respondents were adamant they would never have anything to do with organizations that had lost data as a result of cybercrime, in 2011 this figure rose to 26%.

A further 61% of this year’s respondents, meanwhile, said they would try to avoid interacting with these organizations if at all possible. Just 13% stated their attitude toward a brand would be unaffected by a data loss incident.

Commenting on the figures, Ross Brewer, LogRhythm's managing director, said that in a year that has seen an unprecedented number of high-profile data breaches, it is hardly surprising to see public opinion shift in this way.

“Organizations need to look at these findings and realize that unless data security is improved they will lose customers and the bottom line will be affected”, he said.

“November will see the European Commission publish the new version of its Data Protection Directive following a consultation that wrapped up in September 2011”, he added.

This legislation, says Brewer, will include recommendations regarding a mandatory data breach disclosure law covering public and private sector organizations.

As a result, he claims it will be much easier for the public to identify, and boycott, those organizations that are being irresponsible when it comes to data protection.

Delving into the research reveals that respondents appeared to show enthusiasm for legislation forcing organizations to publish information relating to incidents in which individual’s data is put at risk.

Seventy-two percent thought that all breaches should be publicized, while 11% were of the opinion that only breaches of a pre-determined size should be made public.

When asked more specifically about the process involved, 69% wanted to be notified immediately, 19% were happy for an investigation to take place before affected customers were notified.

Ten percent, meanwhile, thought that notification should be dependent on whether the information is of a sensitive nature, an individual’s bank details for example.

Brewer asserts that the high proportion of respondents in favor of universal and instant notification tells us a lot about the lack of trust that exists when it comes to organization’s ability to defend against cyber attacks.

“When asked if organizations are doing enough to secure customer data 81% did not believe this was the case and that more needed to be done”, he explained.

Curiously, researchers also found that the British public also seem to be largely unaware of the work of the Information Commissioner’s Office (ICO), as 64% of those questioned had not even heard of the ICO. Of those that knew of the ICO, however, only 33% thought it was doing a good job.


What’s Hot on Infosecurity Magazine?