Third of people ‘hold chief executive personally responsible for cyber attacks’

A laptop screen showing a computer virus warning Credit: PA

Chief executives should be held personally responsible for cyberattacks, with many users believing they should also be compensated for such breaches, new research suggests.

A survey by data protection firm Veritas Technologies found that more than a third (35%) of UK consumers would see a business leader as personally responsible if a cyber breach of that business occurs.

It suggests that more than two-thirds (68%) believe they should be compensated when incidents such as ransomware attacks compromise their data, while 8% said they would like to see chief executives sent to prison if such a breach does take place.

Ransomware attacks involve hackers gaining access to a database and demanding payment in order to release control of it back to the business and its users.

Simon Jelley, vice president of product management at Veritas Technologies, said: “As consumers, we are increasingly well-educated about ransomware, so we’re unforgiving of businesses that don’t take it as seriously as we do ourselves.”

The research showed that 79% of those asked said they expected a business to have software protection in place, and 62% said back-up copies of data should also be used.

“Now, it seems, if businesses don’t get these basics right, consumers are ready to punish their leadership,” Mr Jelley said.

The research also suggests that people quickly lose patience with firms who fail to prevent cyberattacks, with 41% saying they would stop buying from a company that had been the victim of a ransomware attack.

The Government has proposed stricter punishment for tech firm chief executives who fail to protect users as part of its Online Harms legislation, final proposals for which are due to be released later this year.

It could include personal liability for executives as well as large fines for companies who fail to adhere to a new duty of care to users.

The new research also suggests some conflict in how the British public feels businesses should respond to ransomware.

While 80% of those surveyed said they want companies to stand up to hackers and refuse to pay ransoms, just under half (46%) said they would want a business to pay the ransom if their own financial data was involved.

“It may seem that businesses are in an impossible situation with consumers telling them both to pay – and not to pay – ransoms. However, what we, as customers, are really saying is that we want businesses to escape the dilemma by avoiding the situation in the first place,” Mr Jelley said.

“Consumers expect businesses to have the technology in place to restore their data without negotiating. That’s the win-win solution and, considering the likely brand damage and loss of customers that come with failing to put this into practice, the risk is simply too big for companies not to have this aspect of their systems in place.”