Keeping customers’ data secure is the major goal of any company. A breach not only tarnishes the company’s reputation but also shakes customers’ faith in it. A majority of directors therefore believe that companies should face severe penalties if they fail to keep customers’ data safe.
Seven in 10 board members have demanded stricter punishment for those who fail to meet basic cyber-security requirements.
The issue came in the wake of the major Yahoo security breach. The breach affected the names, passwords and information of 500 million users in 2014, but it was discovered only recently.
The research, which surveyed 200 directors from companies with more than 500 employees, found that 71 percent believe companies should be penalised for failing to meet basic cyber security requirements.
Rob Cotton, NCC’s chief executive, said big companies were often the least worried about cybersecurity, with directors themselves refusing to take responsibility for safety.
“For years it hasn’t been taken seriously enough in boardrooms across the country and while these results don’t prove that it’s now being managed appropriately, they do show that directors are realising that greater scrutiny and oversight from regulators and government will stimulate the necessary action and help drive up standards,” he said.
At present, security failings are punishable with a fine of up to £500,000 from the Information Commissioner’s Office (ICO). EU data protection rules due to come into force in 2018 will create penalties of up to 4 percent of global revenues or up to €20m (£17m), but it will be up to national regulators to enforce the rules.