Data breaches erode trust in business

Recurring data breaches over the past five years have undermined public trust in the ability of both private firms and Government organisations to safeguard personal information, according to Check Point.

Despite this erosion of trust, and public demands for better data security, a significant number of people are still risking data breaches through unsafe computing practices in the workplace.

In the Check Point and YouGov survey of over 2,000 British people, 50% said their trust in Government and public sector bodies was diminished as a result of ongoing breaches and losses of personal data over the past five years, while 44% said their trust in private companies was reduced.

To underline the impact that a data breach can have on a company’s reputation, 77% of respondents said they would actively prefer to buy goods or services from a company that had not suffered a data breach, in preference to buying from a company that had suffered one.

Just 12% said that it was not important to them whether a company had suffered a breach – highlighting the need for organisations to apply stronger security controls, such as data encryption, to all sensitive information, to mitigate the loss of trust and reputational damage that results from data losses.

Despite the erosion of public trust, and the requirement for organisations to handle peoples’ personal data responsibly, significant numbers of respondents admitted to regularly taking risks with potentially sensitive data at work, that could lead to data breaches.

Of the people in the survey who sometimes work away from their office base, 34% regularly forward material to personal email accounts so they can continue working away from the office. 40% check work email regularly on personal phones or tablets; 33% carry work-related data on unencrypted USB memory sticks; and 17% use insecure cloud storage services such as Dropbox.

Terry Greer-King, UK managing director for Check Point said: “The numbers of data breaches reported over the past five years has grown tenfold from both the public and private sectors, according to the Information Commissioner’s Office. In 2011 alone, there were 821 breaches reported – so it’s no surprise that the public has lost a great deal of trust in the ability of organisations to handle data securely, and that they would actively choose to do business with companies that have not suffered a breach. The findings of the survey show the value that the public places on an organisation’s ability to protect sensitive data, and to cut the risk of it falling into the wrong hands.”

25% of workers say they risk causing breaches even though their company’s IT policy specifically forbids such actions, while a further 23% either do not know if their company has an IT security policy, or are not aware of what their company’s IT policy states.

Greer-King added: “Even though people feel strongly about the risks to their personal data, it’s worrying that a significant number of knowledge workers regularly risk committing a breach though insecure computing practices, either in spite or in ignorance of their employer’s IT policies. These risks and threats need to be addressed by a combination of education and technology, so that organisations can protect their data, their business and their employees against the risks of breaches, and the damage that they can cause.”