CEOs deserve jail for data breaches

CEOs deserve jail for data breaches
CEOs deserve jail for data breaches 

By John E. Dunn
08 April 2008

A growing number of security pros believe that the way to stop data 
breaches from happening is simple as it is stark - send the CEOs or 
board members deemed responsible to jail.

The opinion emerged from a survey by security mainstay Websense at the 
recent UK e-Crime Congress, which polled 107 security professionals on 
their opinions. Seventy-nine percent believed that companies should be 
fined for data breaches . something that does already happen in some 
cases in the UK . while 59 percent were in favour of compensation for 
consumers affected by a breach.

The most striking view of all was that the time had come to punish 
serious data breaches with jail time for senior staff, with 25 percent 
rating that as a necessary step. Only three percent were against any 
form of legally-enforceable punishment.

Although this was a small poll of the sort that IT companies regularly 
drum up to use as PR after industry shows, the numbers give another 
indication of the changing attitudes towards the well-paid captains when 
it comes to taking responsibility for security.

And how about the number of respondents who believed that the IT 
department should bear ultimate responsibility? A meagre five percent.

Almost all agreed that the world now needed a global body to oversee 
cooperation on data security, complete with the power to enforce action.

The tendency to point the finger of blame at company boards probably has 
something to do with the apparent causes of poor security. Forty-five 
percent thought this was down to cost . boards are often blamed for not 
spending enough unless forced to . while 45 percent also named the fact 
that data security just wasn.t high enough on the list of company 

Subscribe to InfoSec News 

Site design & layout copyright © 1986-2014 CodeGods