UK Consumers Call for Harsher Breach Penalties

British consumers are fast losing patience with the business they patronize, with a majority calling for fines and compensation for those which fail to adequately protect customer information, according to new research.

Endpoint security firm Bit9 + Carbon Black commissioned research firm TNS to interview over 2000 UK consumers to compile the findings.

Nearly three-quarters (73%) said it takes an unacceptably long time for businesses to realize they’ve been breached. Partly as a result, 81% of respondents said they feared that criminals may already have stolen their personal data from a ‘trusted’ third party.

There was little sympathy for firms which have not invested enough in cybersecurity.

Some 81% of respondents claimed that breached customers should be given compensation by the hacked business, while 59% argued for fines to be levied against these firms. Almost half (40%) of these said the fines should be unlimited.

A small minority (7%) even called for jail time for cybersecurity execs in breached organizations.

Nearly all UK consumers interviewed (93%) said they supported mandatory breach notification laws – as per the recommendations set to be enacted in the forthcoming EU General Data Protection Regulation.

However, 94% said the laws should go further, so that firms are obliged to put in place technology so they know almost immediately if private information is breached.

Bit9 + Carbon Black EMEA managing director, David Flower, argued that the scale of the problem may be even worse than British consumers fear, as many breaches still go unreported.

“It isn’t just that some businesses are keeping quiet, but many of them are actually unable to detect a breach in the first place, so are unaware of the problem themselves,” he told Infosecurity.

“Today’s businesses simply cannot afford to underestimate the threat of cybercrime and must start to take more proactive measures to prevent, detect and respond to cybercriminals, or there’s a risk that they’ll face a severe public backlash.”

There’s no such thing as an unbreachable company, but organizations can do more to reduce risk and react quicker to attacks via technology like continuous endpoint monitoring, he added.

“The one silver-lining here is that the public has perhaps unexpectedly accepted that it is inevitable that businesses will be hacked at some point, despite their best efforts,” said Flower.

“However, their main grievance is over the amount of time that it takes businesses to realize that they’ve been breached. As such, the only way to offer the assurance that the public is looking for is for businesses to close the gap between breach and detection.”

What’s Hot on Infosecurity Magazine?