By John E. Dunn
08 April 2008
A growing number of security pros believe that the way to stop data
breaches from happening is as simple as it is stark - send the CEOs or
board members deemed responsible to jail.
The opinion emerged from a survey by security mainstay Websense at the
recent UK e-Crime Congress, which polled 107 security professionals on
their opinions. Seventy-nine percent believed that companies should be
fined for data breaches - something that does already happen in some
cases in the UK - while 59 percent were in favour of compensation for
consumers affected by a breach.
The most striking view of all was that the time had come to punish
serious data breaches with jail time for senior staff, with 25 percent
rating that as a necessary step. Only three percent were against any
form of legally-enforceable punishment.
Although this was a small poll of the sort that IT companies regularly
drum up to use as PR after industry shows, the numbers give another
indication of the changing attitudes towards the well-paid captains when
it comes to taking responsibility for security.
And how about the number of respondents who believed that the IT
department should bear ultimate responsibility? A meagre five percent.
Almost all agreed that the world now needed a global body to oversee
cooperation on data security, complete with the power to enforce action.
The tendency to point the finger of blame at company boards probably has
something to do with the apparent causes of poor security. Forty-five
percent thought this was down to cost - boards are often blamed for not
spending enough unless forced to - while 45 percent also named the fact
that data security just wasn't high enough on the list of company