Companies who have suffered a cyber-attack or data breach should be encourage to go public with the news in order to keep customers and shareholders properly informed, Liam Fox, former defence secretary has said.
In a speech to the defence and security think tank the Royal United Services Institute (RUSI), Fox argued the government needs to change the law to make it illegal to be hacked without informing shareholders and other stakeholders.
“Any organisation that does business with government should have a minimum defined level of cyber security or they will be excluded from government contracts,” Fox proposed.
He also called for cyber security to fall under the remit of a single government minister as part of an increased focus on the damage online attacks can have of businesses of all sizes.
He also warned that the growing global cyber threat “may mean that we will have to disinvest in some of the things that we can see, our traditional military capabilities, so that we can invest in things that we cannot see, ie cyber capabilities.”
These actions will help protect the UK against the growing threats of cyber warfare, Fox believes, noting that, “terror groups have been increasingly involved in projects to make drones ineffective or, worse, to turn them around and send them back to return fire on their senders.”
“Although we talk about cybercrime, cyber espionage, and cyber warfare as being separate entities they are in fact part of a continuum.”
Fox also recommended that centralising responsibility for cybersecurity precautions to a single government minister may help to focus efforts to keep Britain safe.
“I would like to see all government cyber activity, including both its offensive and defensive capabilities concentrated in one place and answerable to a single ministerial portfolio,” he said.
Responsibility for cybersecurity currently falls under the remit of several government department spending on the issue at hand, with the Ministry of Defence, Cabinet Office, the Foreign Office and Department of Culture, Media and Sport all having stepped up recently.
Fox’s views were welcomed by the technology industry, which highlighted the importance of increased industry collaboration between enterprises, government and law enforcement to help mitigate risk.
“The persistence and complexity of cybercriminal activity today has meant that it is no longer a case of if businesses will be targeted but when,” commented Terry Greer-King, director of cybersecurity at Cisco UK.
“Given the extent of the issue, businesses of all sizes need greater awareness of the current threat landscape to ensure they are best prepared to protect against the risks, therefore we welcome the call for greater disclosure around the number and severity of hacks taking place. Collaboration between enterprises, government and law enforcement is vital to allow for efficient detection and remediation of cybercriminal activity.”
How much do you know about 2015’s biggest data breaches? Try our quiz!
Rights group argues ChatGPT tendency to generate false information on individuals violates GDPR data protection…
European Commission says Apple's iPadOS is 'gatekeeper' due to large number of businesses 'locked in'…
As the cloud continues to be an essential asset for all businesses, developing and maintaining…
Internatinal conference in Vienna calls for controls on AI-powered autonomous weapons to ensure humans remain…
Major Taiwan chip assembly and test firm KYEC to sell Jiangsu subsidiary, exit mainland China…
As deepfake technology continues to blur the lines between reality and deception, businesses and individuals…
View Comments
Dr Liam Fox’s comments on the level of threat currently being posed by both criminal and state-sponsored hackers reflects what many in the cyber-security industry already know to be true. Neither governmental legislation nor organisational protocol have been able to keep up with the level of trust we have placed in the security of our online infrastructure, resulting in an incredibly high amount of risk in regards to our personal data, finances and our nation’s security. As has been demonstrated by the volume of frequently occurring data breaches, TalkTalk being the most recent example, cyber-criminals are ready to take advantage of these shortcomings, spelling disaster for the many people caught up in data breaches.
The new European General Data Protection Regulation, coming into effect next year, is increasing the urgency to deal with the threat of data breaches and other examples of cyber-crime. Under this impending regulation, companies with inadequate security will be forced to pay two to five per cent of their global revenue following a breach and face being named as a matter of public interest.
Under this new law the data breach experienced by TalkTalk would have resulted in a fine up to £90m, stressing the need for businesses to take the matter seriously. Dr Fox has called for legislation to stretch across the board, requiring any company that has been the victim of a successful hack to report to shareholders and other stakeholders. With the deadline for the EU regulations looming, and experts such as Dr Fox calling for even stricter regulation, it is imperative that all companies act quickly to achieve compliance and ensure their heads remain off the regulatory chopping block.
While the fines involved have been determined, it’s difficult to quantify the reputational damage that will follow a data breach. The risk of loss of customer data and the knock on effects of supply chain confidence, customer loss and even share price demise would likely result in a significant loss of profit for any company, making the related insurance cost and post-breach clean-up process seem even more costly. C-suite jobs are now on the line and the forthcoming EU Data regulations hold the executives culpable for the security of their organisations data.
To ensure compliance and importantly stay one step ahead of the hackers, it’s time for businesses to change their mind-sets to stop concentrating on detecting ‘known threats’ to focus on validating ‘known goods’. As cyber-security continues to rise up the boardroom agenda in 2016, no doubt emphasised by inevitable high profile breaches, expect to see more changes to legislation, corporate cultures and practices.
Greg Sim, CEO of Glasswall Solutions
I think that is a fine idea, as long as the government include themselves in this. Having contracted within the public sector and seen first-hand just how bad the IT security is along with the complete disregard for secure data handling, I think it is time people knew that their TalkTalk logins are the least of their worries.