Imago Techmedia Ltd is registered in England and Wales under Company No. 04865455. VAT No. GB 843 8456 01
Registered Office: Bedford House, Fulham Green, 69-79 Fulham High Street, London, SW6 3JW, United Kingdom
Business Address: Imago Techmedia, 2C Bedford House, Fulham Green, 69-79 Fulham High Street, London, SW6 3JW, United Kingdom
Imago Techmedia is a subsidiary of Clarion Events Limited
The data breach blame game
Tuesday 22 August 2017
Organisations often looks to lay the blame of a data breach at someone else's feet instead of taking responsibility itself right from the outset
The cyber threat to UK business is significant and growing. Since February, when the National Cyber Security Centre was opened, the UK has been hit by 188 high-level attacks which were serious enough to warrant NCSC involvement, and countless lower level attacks.
The fact of the matter is, that in the past year, the world has been inundated with cyber attacks on a scale and boldness which has not been seen before.
Understandably, politicians, businesses and the general public are asking questions. Just who is responsible for these data breaches? Your first thought is probably about the perpetrator – was it a criminal hacker, state sponsored, an automated botnet or perhaps even a malicious insider at an organisation. Its human nature to want answers.
And whilst attribution is certainly important, especially when we consider the criminal and judicial implications, a compromised organisation also has a responsibility to accept and acknowledge facts surrounding the incident, particularly when there are external customers or clients involved.
Deny, deny, deny
When a data breach is first reported on the news, organisations often look to distance themselves from the blame, or take responsibility for failing to protect sensitive data or systems.
Excuses are regularly thrown around that include: “The breach really wasn’t that serious;” “The data taken isn’t that sensitive;” and the even more popular “Our security is comparable to others in the industry.”
After inadvertently turning over sensitive financial records of at least 50,000 clients to an opposing lawyer, the legal counsel at a global corporation even blamed their counterpart for the exposure!
With GDPR looming in less than a year, and recent enforcements by the Information Commissioners Office (ICO), it’s obvious the UK isn’t going to be pulling any punches when it comes to data responsibility.
READ MORE: INFORMATION AGE