
Name and shame for poorly secured companies


Academics have urged the UK government to name and shame private companies with poor cybersecurity protocols so as to force them to install more safety measures and be more compliant with data laws, protection and regulation.

The advice comes from a recently published report titled “UK Active Cyber Defence: A public good for the private sector”, commissioned by King’s College London’s Cyber Security Research Group and the Policy Institute, an independent organisation that conducts research with the end goal of addressing and resolving a number of societal issues.

The study claims that businesses will be incentivised to improve their online defence mechanisms if they are publicly condemned for not already applying up-to-scratch security measures, so as to protect their customers’ information and their own reputation.

The research is in response to Ipsos MORI’s Cyber Security Breaches Survey in 2018, which found that roughly 40 per cent of all businesses across the country were recipients of a cyberattack or security breach during the 2017-2018 time period.

As a result of this revelation, King’s College London is encouraging businesses, organisations of all kinds and even charities to jump on the cybersecurity bandwagon and to follow protocols outlined in the government’s Active Cyber Defence (ACD) programme, which has historically only supported public sector institutions. The aim is to place the programme at the core of organisations’ operations and technology, to reduce scam emails and phishing sites.

With the programme having proved successful for government agencies, in that the number of threats and thefts of personal information has reduced significantly, Dr Tim Stevens, the convener of King’s College London’s Cyber Security Research Group, is pushing for private sector companies to be included in the programme so that they benefit in a similar way.

“Our research finds that ACD could be legally, cheaply and efficiently rolled out beyond the public sector, to further protect people online,” he said.

“The UK case study suggests that a relatively minimal investment in ACD might help raise the bar of cybersecurity across the board – although some firms and organisations will inevitably be left behind.”

However, for those companies unable to provide the financial backing to invest in adequate cybersecurity technologies, help ought to be given by the government’s National Cyber Security Centre (NCSC) and other similar platforms.

Stevens added: “Those unwilling to invest may find their customers moving to more cyber-secure competitors. Those that knowingly harbour cyber-criminality or fail to promote safe cybersecurity practices may find themselves identified publicly.

“This happens already, when data breaches are revealed in the press for instance. NCSC has suggested there may be a future need to name and shame persistent offenders but how that would work has not been articulated. No one really wants to have to do this, and the hope is that organisations will want to pursue better cybersecurity anyway.”

About Lee Hazell

Lee Hazell is a cyber security consultant with a keen interest in anything tech or security related.
