4 - 5 OCTOBER 2017 / EXCEL LONDON

The data breach blame game

Tuesday 22 August 2017

Organisations often look to lay the blame for a data breach at someone else's feet instead of taking responsibility themselves right from the outset

The cyber threat to UK business is significant and growing. Since February, when the National Cyber Security Centre was opened, the UK has been hit by 188 high-level attacks which were serious enough to warrant NCSC involvement, and countless lower-level attacks.

The fact of the matter is that, in the past year, the world has been inundated with cyber attacks of a scale and boldness not seen before.

Understandably, politicians, businesses and the general public are asking questions. Just who is responsible for these data breaches? Your first thought is probably about the perpetrator – was it a criminal hacker, a state-sponsored actor, an automated botnet or perhaps even a malicious insider at an organisation? It's human nature to want answers.

And whilst attribution is certainly important, especially when we consider the criminal and judicial implications, a compromised organisation also has a responsibility to accept and acknowledge facts surrounding the incident, particularly when there are external customers or clients involved.

Deny, deny, deny

When a data breach is first reported on the news, organisations often look to distance themselves from the blame rather than take responsibility for failing to protect sensitive data or systems.

Excuses are regularly thrown around that include: “The breach really wasn’t that serious;” “The data taken isn’t that sensitive;” and the even more popular “Our security is comparable to others in the industry.”

After inadvertently turning over sensitive financial records of at least 50,000 clients to an opposing lawyer, the legal counsel at a global corporation even blamed their counterpart for the exposure!

With GDPR looming in less than a year, and recent enforcements by the Information Commissioner's Office (ICO), it’s obvious the UK isn’t going to be pulling any punches when it comes to data responsibility.

READ MORE: INFORMATION AGE
