Punish companies for cyber security failures, directors say

Punish companies for cyber security failures, directors say.

ompanies should face severe financial penalties if they fail to keep customers’ data safe, a majority of directors believe, amid a spate of cyber attacks on big businesses.

Seven in 10 board members have demanded stricter punishment for those who fail to meet basic cyber-security requirements, according to research group ComRes.

The figures, due to be presented at the Institute of Directors Annual Convention on Tuesday by the FTSE 250 security company NCC Group, come in the wake of Yahoo revealing the biggest-ever cyber attack on a major company.

Yahoo said last week that passwords, names and phone numbers from more than 500m accounts had been stolen by state-sponsored hackers in 2014, but had only recently been discovered. The attack affects 8m British internet users, including some with Sky and BT email accounts.

Graphic courtesy of The Telegraph

At present, security failings are punishable with a fine of up to £500,000 from the Information Commissioner’s Office (ICO). EU data protection rules due to come into force in 2018 will create penalties of up to 4pc of global revenues or up to €20m (£17m), but it will be up to national regulators to enforce the rules.

It is unclear whether Britain will have to apply the legislation when it leaves the EU, or whether it might try to encourage companies to move to the UK by introducing a less-strict regime, as some have suggested.

The research, which surveyed 200 directors from companies with more than 500 employees, found that 71pc believe companies should be penalised for failing to meet basic cyber security requirements. A greater number – 77pc – believe that regulators should be tougher on companies that have inadequate defences.

Rob Cotton, NCC’s chief executive, said big companies were often the most complacent about cybersecurity, with directors themselves refusing to take responsibility for safety.

“For years it hasn’t been taken seriously enough in boardrooms across the country and while these results don’t prove that it’s now being managed appropriately, they do show that directors are realising that greater scrutiny and oversight from regulators and government will stimulate the necessary action and help drive-up standards,” he said.

It comes after a string of attacks on big businesses in the last year, including TalkTalkBritish Gas and LinkedIn. TalkTalk was fined £1,000 by the ICO earlier this year for failing to notify the regulator earlier.


Originally published on The Telegraph.

IT'S Time to level up

It's Time to Level Up

BlackOps Partners is committed to protecting your information. Your information will be used in accordance with the applicable data privacy law, our internal policies and our privacy policy. Your information may be stored and processed by BlackOps and its affiliates in countries outside your country of residence, but wherever your information is processed, we will handle it with the same care and respect for your privacy.