Three in four customers unhappy with cyber attack timescales
Nearly three quarters (73 per cent) of consumers say the time it is taking businesses to realise that sensitive customer data has been lost is ‘unacceptable’, according to a survey by Bit9 + CarbonBlack.
The concern has risen to such a degree that over four in five (81 per cent) consumers in Britain actually fear that cyber criminals could already have stolen their personal details without anyone realising.
Many consumers are now calling for harsher penalties for businesses that could have prevented or detected a breach sooner if they had more effective, next-generation security measures in place.
There were 81 per cent of people that believed compromised customers should be compensated by the organisation holding their data, 59 per cent said a fine should be levied on organisations, while 40 per cent said those fines should be unlimited.
Around 7 per cent of people actually wanted individuals in the organisation to be culpable for their failures, calling for security officers to face jail time.
David Flower, managing director of Europe, Middle East and Africa, at Bit9 + Carbon Black, says: “The data that companies keep about their customers is a highly valuable commodity in today’s connected world; providing access to our bank accounts, shopping habits and even our very identity.
“High-profile data breaches at the likes of Target and more recently Ashley Madison have raised public awareness about the risks they are exposed to by the actions of cyber criminals seeking to steal their data.
“Consumers feel that it’s taking organisations far too long to detect a breach; if they can detect it at all, which is putting them at unnecessary risk. The demands for tougher penalties are an eye-opening indication of the way things could be headed if businesses don’t sit up and take note of these concerns.”
The research also revealed that the overwhelming majority (94 per cent) of consumers think businesses should have the ability to detect whether customer data has been stolen within 24 hours, while 47 per cent said this should be narrowed to a matter of minutes.
Nearly two-thirds (63 per cent) think that any business that stores sensitive information about them should keep it under constant, 24-hour surveillance to ensure that a breach can be detected sooner.
The significant majority (93 per cent) of consumers indicated their support for the mandatory and immediate disclosure of any discovered data breaches to the public and the authorities, which is set to be enforced by the forthcoming EU Data Protection Regulation.
However, many believe the EU isn’t going far enough: 94 per cent of respondents believed it should be mandatory for any business storing their data to have appropriate processes in place to ensure they are able to detect if data has been stolen as quickly as possible, so that ignorance cannot be used as an excuse for non-disclosure.
“Data breaches have become such a regular occurrence that the public has lost patience,” says Flower. “It isn’t enough to just put in a firewall and install antivirus software; cyber criminals have long since found their way past those defences.
“Businesses now need advanced security capabilities that allow them to prevent, detect and respond to threats; not just on the network, but on the endpoint devices where data is stored, accessed and processed.
“Businesses need to maintain always-on, continuous monitoring so they’re able to notify customers immediately if their data is stolen. This will enable the victim to take measures such as cancelling cards or notifying credit reference firms early enough to prevent the cyber criminals from doing any serious damage.”