Trend Micro: Data breach fines are not deterring bad behaviour

Rik Ferguson of security firm Trend Micro has criticised data protection fines for not being high enough after a survey by the firm showed prominent breaches were driving better data protection.

Almost 70% of businesses were found to be rethinking their data protection policies in the wake of breaches against the likes of eBay, Kickstarter and Adobe, while a quarter were taking no action.

Rik Ferguson, VP of security research at Trend Micro, said: "That businesses are being prompted by news coverage of big breaches suggests that the current penalties aren’t doing their job.

"Driving change is what the fines are meant to do: the financial incentives aren’t big enough at the moment."

British data protection agency the Information Commissioner’s Office (ICO) can only fine firms up to £500,000, but new EU data regulations will raise the bar to as much as €100m or 5% of global turnover.

Ferguson said that the new fines should attract the attention of C-level executives if they are implemented.

"It’s not just the fine that a business has to pay, it’s also a big hit to their reputation," he added. "That means businesses should not be complacent about their existing security provision."

A spokesman for the ICO said: "Our research clearly indicates civil monetary penalties have a positive impact on organisations' data protection compliance and practice.

"This includes improved policies and practices; increased staff training; greater senior management buy-in and higher organisational awareness."

Just under a third of companies said they were raising staff awareness as a means of protecting themselves, while nearly two-thirds were implementing encrypted passwords.
This article is from the CBROnline archive: some formatting and images may not be present.