Companies are not learning from the mistakes of others

The Information Commissioner announced that 94 serious security breaches have been reported in the past six months, in a conference today on data security.

Paul Skinner, UK and Ireland ICT practice leader at Chubb Insurance, said: The Information Commissioner’s announcement highlights that companies have still not learnt from the mistakes of others, despite some very high profile security breaches. The cost of these incidents to businesses is of great concern with a survey out today revealing that the total runs to several billion pounds per year.

Although the threat of outsider attacks has been given considerable publicity, it is important to remember many security incidents are simply the result of the inside user. While there is now much more awareness of the threat of data breaches, the underlying problem of human error remains. It is of utmost importance that all staff are trained in data handling and that companies check that they are covered in their insurance policies for this type of breach. A company with untrained staff may find itself with not only an incident but at worst a problem with its reputation."

With the Information Commissioner calling for increased powers, there has been discussion of a move towards a US-style state law where data breaches must be disclosed. Before considering this move a clear definition of what a data breach is must be agreed upon. At the moment there appears to be no consensus on what constitutes a breach, Skinner added.