A report by Trend Micro has revealed that almost a fifth of companies aren't telling their customers when their data has been breached, nor do they have a formal policy to tell the data protection authority within 72 hours of discovering a breach.
"Already almost half of consumers (49 per cent) are unaware that their data can be shared with third parties and in many instances they need to opt-out to prevent it from being passed on," Rik Ferguson, Global VP of Security Research at Trend Micro said. "Having little visibility into where their data goes, and how secure that data is, spells real trouble."
The company questioned 100 senior decision makers in the UK about how they handle data leaks and it surfaced that although 74 per cent of those questioned think they are sufficiently protecting their customers, 83 per cent of companies have had to rethink their strategy following a breach.
Trend Micro's report also revealed that construction and engineering companies are least likely to tell their customers their data has been stolen, while 22 per cent of financial services companies are hesitant about telling their clients about a breach.
"Unfortunately, for many organisations the decision on whether to notify customers or keep a breach under wraps still comes down to a simple risk management calculation. Many still fail to deliver on their duty of care in hope of avoiding sanctions, brand damage and any potential customer payouts."
To help protect their customers against data breaches, organisations are not only introducing new tools, such as data protection policies, encryption technologies and remote wiping tools for lost devices, but they are also educating staff about how to protect themselves from hackers.
