Data breach bosses 'should go to jail'

Attendees at this year's eCrime Congress have demanded stiffer penalties for data breaches

A quarter of IT security professionals believe that heads of companies which suffer serious breaches of confidential consumer data should go to jail, a recent survey reveals.

Only three per cent of respondents believe that there should be no legally enforced punishment for such breaches.

The survey of 107 attendees at this year's eCrime Congress was conducted by IT security firm Websense.

Unsurprisingly for the audience, 96 per cent said that governments should work together to tackle cyber-crime.

A large majority, 79 per cent, said that companies that allow consumer data to be exposed should be fined.

The respondents who advocated jail sentences for data breaches believe that responsibility should rest with the chief executive or a board member.

This might be linked to the fact that IT security specialists feel that they are not listened to at board level.

Three-quarters said that company boards still adopt a reactive approach to data loss, rather than planning for its prevention, and 45 per cent blame the board's reluctance to spend money for this policy.

"Board members should ensure that proactive, strategic action is taken to protect their organisation's essential information from emerging security threats and data loss to prevent sensitive information getting into the wrong hands," said Mark Murtagh, technical director at Websense.