Name And Shame Firms With Poor Cybersecurity

The cost of doing business in today’s GDPR world has been highlighted after a report suggested that businesses should be publicly named and shamed by the government for poor cybersecurity.

The report comes amid the growing blight of data breaches that has seen people’s personal data exposed by the likes of British Airways, Facebook and Marriott Hotels, to name but a few.

The report argues that publicly shaming firms with poor cyber defences will incentivise them to improve those defences and help combat cyber crime.

Active defence

Many security experts have warned previously that outdated cyber defences are putting organisations at risk from constantly changing online threats.

The report, however, points out that private firms should implement the Active Cyber Defence (ACD) programme, which has been a key aspect of the work of the National Cyber Security Centre (NCSC) for a couple of years now.

Until now, it has been mostly public sector organisations that have followed the ACD scheme.

The report, written by experts at the Cyber Security Research Group and the Policy Institute at King’s College London, believes that private businesses applying ACD would have “significant potential in helping improve UK national cybersecurity.”

It laments the fact that the NCSC has “no legal power to mandate ACD in any circumstance.”

The report’s authors suggested that the National Cyber Security Centre expand its focus to include private businesses as well as public sector organisations.

Name and Shame

“We recommend that ACD be conceptualised provisionally as a public good to be delivered by both public and private partners,” the report stated.

“This may not be an easy pill to swallow for some private entities but, if NCSC is correct that ACD can help deliver a safer and more secure UK cyberspace, this will benefit companies as well as individual users,” it added.

“The UK case study suggests that a relatively minimal investment in ACD might help raise the bar of cybersecurity across the board – although some firms and organizations will inevitably be left behind,” Dr Tim Stevens, one of the report’s authors, was quoted by Forbes as stating.

“Those unwilling to invest may find their customers moving to more cyber-secure competitors,” he said. “Those that knowingly harbour cyber-criminality or fail to promote safe cybersecurity practices may find themselves identified publicly.”

The call for private firms to be held accountable is sure to trigger a debate within business communities.

Many will feel that publicly identifying a private company with shoddy cybersecurity should only be a last resort.

Others will no doubt argue that it is the only way to force them to bolster their cyber defences in these dangerous times.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
