A new survey of 2000 UK consumers, commissioned by endpoint security firm Bit9 + Carbon Black, revealed that 93% of respondents said they supported mandatory breach notification laws. These are likely to be enacted by the forthcoming EU Data Protection Regulation.
The findings of the survey, reported by Infosecurity Magazine, are a wake-up call for organisations that aren’t serious about information security and don’t have a proper respect for customer data.
The loss of consumer trust and calls for more accountability are evident in the following findings:
- 73% of respondents said it takes an unacceptably long time for businesses to realise they’ve been breached.
- 81% of respondents fear that cyber criminals could have already stolen their personal details without anyone realising.
- 81% of respondents claimed that breached customers should be given compensation by the organisation holding their data.
- 59% argued for fines to be levied against these firms, while 40% of these said the fines should be unlimited.
- 7% called for jail time for cyber security execs in breached organisations.
- 94% said that firms should be obliged to put technology in place so they know almost immediately if private information is breached.
Consumers’ concerns are not unfounded given recent data breaches such as the Ashley Madison hack, which saw 9.7GB worth of customer data posted online.
It is their information at stake, so consumers have the right to demand harsher penalties and request evidence that all measures have been taken to protect their information.
ISO 27001 and cyber threats
With cyber threats evolving faster than technology, there is a growing recognition of the need for better security management. Organisations cannot rely solely on technology to stop attacks, but they must ensure that they have adequate processes in place, educate staff and hire competent cyber security professionals to manage cyber security effectively.
ISO 27001 provides an integrated approach to information security management that encompasses people, processes and technology. An ISO 27001-complaint information security management system (ISMS) can become an effective weapon for combating cyber threats as it provides a framework to:
- Conduct risk assessments
- Devise a risk treatment plan
- Assign ownership and responsibilities
- Raise staff awareness
- Develop and implement information security policies and procedures
- Create a plan to prevent, detect and respond to security incidents
- Constantly assess the effectiveness of your ISMS
Get help with ISO 27001 implementation
Starting at less than £380, IT Governance’s ISO 27001 Packaged Solutions make it easy for organisations to implement the Standard and prepare for certification using a project approach appropriate for them. Click here for more information >>