View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 20, 2014

Trend Micro: Data breach fines are not deterring bad behaviour

Security firm says companies are responding too readily to news reports.

By Jimmy Nicholls

Rik Ferguson of security firm Trend Micro has criticised data protection fines for not being high enough after a survey by the firm showed prominent breaches were driving better data protection.

Almost 70% of businesses were found to be rethinking their data protection policies in the wake of breaches against the likes of eBay, Kickstarter and Adobe, while a quarter were taking no action.

Rik Ferguson, VP of security research at Trend Micro, said: "That businesses are being prompted by news coverage of big breaches suggests that the current penalties aren’t doing their job.

"Driving change is what the fines are meant to do: the financial incentives aren’t big enough at the moment."

British data protection agency the Information Commissioner’s Office (ICO) can only fine firms up to £500,000, but new EU data regulations will raise the bar to as much as €100m or 5% of global turnover.

Ferguson said that the new fines should attract the attention of the C-level executives if they are implemented.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

"It’s not just the fine that a business has to pay, it’s also a big hit to their reputation," he added. "That means businesses should not be complacent about their existing security provision."

A spokesman for the ICO said: "Our research clearly indicates civil monetary penalties have a positive impact on organisations data protection compliance and practice.

"This includes improved policies and practices; increased staff training; greater senior management buy-in and higher organisational awareness."

Just under a third of companies said they were raising staff awareness as a means of protecting themselves, while nearly two-thirds were implementing encrypted passwords.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.