cyber attack

Make CEOs personally liable for cyber breaches, one in three say

Chief executives should shoulder the blame for cyber attacks and users should be compensated for such breaches, survey respondents have said.

A poll of 2,000 consumers from data protection firm Veritas Technologies found that more than a third of respondents (35 per cent) would like to see business leaders be held personally responsible for a cyberattack. Significantly, eight per cent even said chief executives should be sent to prison in such a scenario.

A further two-thirds (68 per cent) felt they should be compensated if a business fails to retrieve stolen data.

Ransomware attacks involve hackers gaining access to data and demanding payment in order to restore control to rightful data holder.

Simon Jelley, vice president of product management at Veritas Technologies, said: “As consumers, we are increasingly well-educated about ransomware, so we’re unforgiving of businesses that don’t take it as seriously as we do ourselves.”

The survey also demonstrates that people have little patience for cyberattacks, with 41 per cent saying they would refuse to buy from a firm that had been the victim of a ransomware attack.

Over three quarters (79 per cent) of those asked said they expected a business to have software protection in place, and 62 per cent said back-up copies of data should also be used.

“Now, it seems, if businesses don’t get these basics right, consumers are ready to punish their leadership,” Jelley said.

The new research also suggests some conflict in how the British public feels businesses should respond to ransomware. While 80 per cent said they do not want companies to acquiesce to ransom demands, 46 per cent said they would if their own financial data was involved.

Last year, the Federation of Small Businesses said that SMEs were subject to almost 10,000 cyber attacks a day in the UK. 

The Government has also proposed stricter punishment for tech executives who fail to protect users as part of its Online Harms legislation.

“It may seem that businesses are in an impossible situation with consumers telling them both to pay – and not to pay – ransoms. However, what we, as customers, are really saying is that we want businesses to escape the dilemma by avoiding the situation in the first place,” Jelley said.

“Consumers expect businesses to have the technology in place to restore their data without negotiating. That’s the win-win solution and, considering the likely brand damage and loss of customers that come with failing to put this into practice, the risk is simply too big for companies not to have this aspect of their systems in place.”

Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.

Recent articles