Almost a fifth (19 per cent) of companies in the UK wouldn’t notify their customers in case of a data breach, a new report highlights.
With the EU GDPR drawing closer, Trend Micro investigated whether companies have formal processes in place to notify data protection authorities (within 72 hours) and the public in the event of a data breach, as the Regulation will require.
More than half (57 per cent) said they did have such processes and that they always notify as required.
But just under a fifth (19 per cent) said they have processes in place yet deliberately avoid telling their customers. The proportion is higher among financial services firms (22 per cent), large businesses (33 per cent), and construction and engineering companies (50 per cent). Another 19 per cent said they had no formal processes in place at all.
Against that backdrop, it is all the more striking that confidence in the industry’s ability to guard customer data is growing. Almost three quarters (74 per cent) of UK businesses feel they could protect themselves against data breaches, up from 69 per cent in 2014.
Most companies (83 per cent) said high-profile breaches (Mossack Fonseca, Sony Pictures Entertainment, etc.) had forced them to rethink their data protection strategy, and almost half of those (43 per cent) have since put new processes in place.
“Already almost half of consumers (49 per cent) are unaware that their data can be shared with third parties, and in many instances they need to opt out to prevent it from being passed on. Having little visibility into where their data goes and how secure that data is spells real trouble,” says Rik Ferguson, Global VP of Security Research at Trend Micro.
“Unfortunately, for many organisations the decision on whether to notify customers or keep a breach under wraps still comes down to a simple risk management calculation. Many still fail to deliver on their duty of care in hope of avoiding sanctions, brand damage and any potential customer payouts.”