Only one in ten UK businesses could be ready to comply with the proposed European Commission ruling on reporting data losses within 24 hours.
As detailed by SC Magazine in January, businesses around the European Union (EU) should report "major" data breaches within 24 hours, in keeping with the proposed Data Protection Directive for the EU.
However, in a survey by LogRhythm of 200 IT decision-makers at UK businesses with more than 1,000 employees, 87 per cent of respondents said they might be unable to identify the individuals affected by a breach within that time frame.
Furthermore, 13 per cent claimed it would take them between one week and a month to pinpoint which customer data was affected, while six per cent did not believe they would ever be able to obtain this data accurately.
Ross Brewer, vice-president and managing director for international markets at LogRhythm, said: “The issuing of blanket breach notifications will inevitably have negative repercussions for the affected organisation.
“For example, the severity of an incident could be overstated, resulting in a lack of confidence among potential and existing customers. As well, the price of informing a person that their data may have been stolen is just as high as telling them it definitely has, and is normally an unnecessary expense.”
When asked about their ability to provide accurate breach notifications, 72 per cent of respondents said the implementation of a 24-hour notice period would leave their organisation vulnerable to "over-disclosure", where they are forced to disclose more information than is strictly necessary.
Also, just under half the respondents (47 per cent) admitted that data is only analysed after a security event has occurred, rather than on a proactive basis; 28 per cent said it is doubtful that breaches can be prevented; and 18 per cent believed that breaches are inevitable whatever security measures are in place.