Prison a 'fair' punishment for data breach failures

A quarter of security professionals believe the arrest and jailing of a responsible chief executive or board member is a fair punishment for a serious company data breach, according to an e-crime survey.

Almost all (96 per cent) say that the board or chief executive should be held accountable for security breaches, with 26 per cent believing the chief executive should be ultimately accountable.

This comes just a day after bank HSBC admitted to losing nearly 400,000 customer records in the post.

The findings come from a Websense survey released today and conducted at the recent e-Crime Congress in London. Only three per cent believed there should not be a legally enforced punishment, while 59 per cent said that compensation should be given to consumers affected.

Organisations are now under more pressure than ever to handle data loss properly, with 79 per cent of respondents believing stakeholders were putting more pressure on them to introduce security measures. Brand name, media, personal data security and share prices were key reasons.

Nearly all (96 per cent) believed that there should be an enforcing body that forces global governments to work together against cybercrime.

"This survey indicates a strengthening opinion for action to be taken against cybercrime and data loss on a broader scale than ever before," said Mark Murtagh, technical director for EMEA at Websense.

"We do expect more stringent regulation for security breaches, including those that involve the loss of personal data," he added.

Many felt those at board-level still took a reactive approach to security threats, even though the opinion was that they should take full responsibility if anything went wrong.

"Board members should ensure proactive, strategic action is taken to protect their organisation's essential information. From emerging web-based and e-mail borne security threats to data loss, to prevent sensitive information from getting into the wrong hands," said Murtagh.

Many of the security professionals polled felt that some businesses still did not take data loss prevention seriously enough. The top reasons for companies not taking action were cost and not making the protection of confidential data a high enough priority.

Interestingly, 91 per cent of the security professionals polled believed that introducing a recognised security standard would inspire more consumer trust in businesses.