More Than Half of British Companies Have Lost Data

Shocking statistics last week. More shocking statistics today.

The ComputerWorld Storage Security blog reported:

"An astonishing 55% of British companies have lost data, according to a new report of 785 IT professionals in the U.K."

There's more bad news:

"Conducted by the Ponemon Institute LLC, the survey found that 49% of them have had over two breaches in the last two years."

That means almost half have suffered multiple data breaches. How many data breaches does it take before executives learn? Apparently some corporate executives are slow learners, if that. Yet, there's more:

"Around two-thirds of respondents said negligence, including that of outsourcers, was responsible for data breaches, compared with only 10% who said hackers were a major cause. A third said insiders were a threat."

And, the bad news continues:

"Many firms were unable to track data breaches and find the source of the problem. Some 44% said they were not confident they could even detect a breach in the first place, and over half take several weeks to notify any customers affected."

Let me summarize all of this. Over half of British companies have had data breaches. About half of those have had multiple data breaches. And, a large number can't detect data breaches when they occur. So, the actual data breach activity probably is worse than the above statistics.

Companies and executives unable to detect data breaches? That seems to mirror the incompetence found within a study of data breaches at American companies.

Several weeks before consumers are notified? That seems pretty good compared to US companies. Really? In 2007, it took IBM three months to notify me and other current and former employees about its data breach. And IBM supposedly specializes in the computing and data security business! It took the Bank of New York Mellon 3 months to notify some of its data-breach victims, and 6 months to notify the rest after the bank increased its count of data-breach victims from 4.5 to 12 million.

And, we won't discuss the 90+ million records exposed by the TJX Companies / TJ Maxx debacle.

Corporate executives are still proving that they won't take data security and data-breach notification seriously until there are stiff penalties -- like huge fines and/or jail time.

Comments


John Taylor

George,

Look at this.

http://blog.wired.com/27bstroke6/2008/11/barack-obamas-p.html


John

Javis Lounsbury

These companies have successfully betrayed their customers, then. But shouldn't they have internal SOPs on how to recover the data lost? How were they able to overcome the breach?
