Name And Shame Firms With Poor Cybersecurity

The cost of doing business in today’s GDPR world has been highlighted after a report suggested that businesses should be publicly named and shamed by the government for poor cybersecurity.

The report comes amid the growing blight of data breaches that has seen people’s personal data exposed by the likes of British Airways, Facebook and Marriott Hotels, to name but a few.

The report believes that publicly shaming a firm with poor cyber defences will incentivise them to improve their defences and help combat cyber crime.

Active defence

Many security experts have warned previously that outdated cyber defences are putting organisations at risk from constantly changing online threats.

The report, however, points out that private firms should implement the Active Cyber Defence (ACD) programme, which has been a key aspect of the work of the National Cyber Security Centre (NCSC) for a couple of years now.

Until now, it has been mostly public sector organisations that have followed the ACD scheme.

The report, written by experts at the Cyber Security Research Group and the Policy Institute at King’s College London, believes that private businesses applying ACD would have “significant potential in helping improve UK national cybersecurity.”

It laments the fact that the NCSC has “no legal power to mandate ACD in any circumstance.”

The report’s authors suggested that the National Cyber Security Centre expand its focus to include private businesses as well as public sector organisations.

Name and Shame

“We recommend that ACD be conceptualised provisionally as a public good to be delivered by both public and private partners,” the report stated.

“This may not be an easy pill to swallow for some private entities but, if NCSC is correct that ACD can help deliver a safer and more secure UK cyberspace, this will benefit companies as well as individual users,” it added.

“The UK case study suggests that a relatively minimal investment in ACD might help raise the bar of cybersecurity across the board – although some firms and organizations will inevitably be left behind,” Dr Tim Stevens, one of the report’s authors, was quoted by Forbes as stating.

“Those unwilling to invest may find their customers moving to more cyber-secure competitors,” he said. “Those that knowingly harbour cyber-criminality or fail to promote safe cybersecurity practices may find themselves identified publicly.”

The call for private firms to be held accountable is sure to trigger a debate within business communities.

Many will feel that publicly identifying a private company with shoddy cybersecurity should only be a last resort.

Others will no doubt argue that it is the only way to force them to bolster their cyber defences in these dangerous times.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
