Execs still underestimate impact of data breaches

New research suggests nearly half of business leaders believe breaches are "no big deal."

A new report suggests Canadian businesses are overconfident in their approach to information security, even as the issue grows ever-more top-of-mind for consumers.

The Data Protection Report, conducted by Ipsos and commissioned by document destruction company Shred-It, includes a survey of 100 Canada executives at companies with a minimum of 100 employees, as well as 2,000 members of the public and 1,000 small business owners. The research was conducted between March 26 and April 1.

By and large, it suggests those in the country’s corner offices recognize the risks associated with data security but vastly underestimate their potential consequences. For example, 66% of those surveyed anticipate needing to report a data breach over the next five years, but nearly half (47%) continue to believe data breaches are “no big deal” (as opposed to 82% of consumers) or would describe them as “blown out of proportion.”

Moreover, while businesses may be in denial, consumers have grown increasingly worried about the ramifications a breach could have on them, with 36% of Canadians saying they would lose trust in the organization which suffered the breach. Another 27% say it would be enough to have them take their business elsewhere.

Millennials are even less forgiving than their older counterparts: more of them say a breach would cause them to lose trust in an organization (43% versus 33% for those aged over 35), would lead them to seek compensation (33% versus 18%) and would tell others about the issue (39% versus 29% for older generations). Meanwhile, only 34% of C-suite executives believe their organization would suffer from a breach.

The report found that, for the most part, executives trust in their employees, even though human error is often the main cause of data-related exposure, with 52% of executives reporting it as the source of a breach.