Who is to blame within an organisation when a data breach occurs?

Nearly half of IT and IT security professionals across global businesses and government agencies have suffered a security breach in the last 24 months. Headline grabbing hacks such as Talk Talk and Sony are putting both personal and corporate data increasingly at risk as growing numbers fail to keep personal information secure.

Recent news has seen data breach after data breach including those of communications giant TalkTalk, whose customer information was compromised due to a data breach by a third party, and even the Sony hack, where a lack of secure computer systems led to a release of confidential data.

Whether a result of malicious intent or simple human error, it is clear that mismanagement of sensitive information is commonplace. A data breach puts your businesses reputation at risk, damages consumer trust and can impact the bottom line.

> See also: Top ten things you need to know about data breaches

So who exactly is to blame when a data breach occurs? According to the IBM security services 2014 cyber security intelligence index report, over 95% of all incidents investigated recognise human error as a contributing factor of security incidents.

An employee more than likely deals with valuable and confidential information on a daily basis. While it may not be the next Coca-Cola recipe or finer details of Apple’s iPad Pro, it could still be confidential information which, if it fell into the wrong hands, could have significant repercussions for the business.

Although most cyber attacks are simple and predicable, it’s not always an outside threat that businesses need to be aware of.

If employees are handling corporate information regularly, they may not always treat it with the care and attention required and this is where preventable data breeches can occur. All it takes is an employee to accidentally email the wrong person and the ramifications can be severe.

To avoid this, it can be as simple as just applying additional checks when completing routine tasks. But the buck doesn’t stop with your employees – you, as their employer, should provide regular training to help them understand the important role they play in reducing the risk of a breach, as well as driving and supporting a change in behaviour business-wide to reduce the risk of error.

> See also: Top tips on how to rethink your cyber security and avoid becoming the next TalkTalk

In many ways, it’s about respecting and protecting the value of the information that your company holds and being part of a culture that is built on information responsibility.

After all, you want to make sure that your business isn’t involved in the data breach you read about in next week’s news and you definitely don’t want to damage relationships with your customers.

Sourced from Charlotte Marshall, managing director, Iron Mountain UK, Ireland and Norway

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Data Breach