Name And Shame Firms With Poor Cybersecurity

The cost of doing business in today’s GDPR world has been highlighted after a report suggested that businesses should be publicly named and shamed by the government for poor cybersecurity.

The report comes amid the growing blight of data breaches that has seen people’s personal data exposed by the likes of British Airways, Facebook and Marriott Hotels, to name but a few.

The report argues that publicly shaming firms with poor cyber defences will incentivise them to improve those defences and help combat cyber crime.

Active defence

Many security experts have warned previously that outdated cyber defences are putting organisations at risk from constantly changing online threats.

The report, however, points out that private firms should implement the Active Cyber Defence (ACD) programme, which has been a key aspect of the work of the National Cyber Security Centre (NCSC) for a couple of years now.

Until now, it has been mostly public sector organisations that have followed the ACD scheme.

The report, written by experts at the Cyber Security Research Group and the Policy Institute at King’s College London, believes that private businesses applying ACD would have “significant potential in helping improve UK national cybersecurity.”

It laments the fact that the NCSC has “no legal power to mandate ACD in any circumstance.”

The report’s authors suggested that the National Cyber Security Centre expand its focus to include private businesses as well as public sector organisations.

Name and Shame

“We recommend that ACD be conceptualised provisionally as a public good to be delivered by both public and private partners,” the report stated.

“This may not be an easy pill to swallow for some private entities but, if NCSC is correct that ACD can help deliver a safer and more secure UK cyberspace, this will benefit companies as well as individual users,” it added.

“The UK case study suggests that a relatively minimal investment in ACD might help raise the bar of cybersecurity across the board – although some firms and organizations will inevitably be left behind,” Dr Tim Stevens, one of the report’s authors, was quoted by Forbes as stating.

“Those unwilling to invest may find their customers moving to more cyber-secure competitors,” he said. “Those that knowingly harbour cyber-criminality or fail to promote safe cybersecurity practices may find themselves identified publicly.”

The call for private firms to be held accountable is sure to trigger a debate within business communities.

Many will feel that publicly identifying a private company with shoddy cybersecurity should only be a last resort.

Others will no doubt argue that it is the only way to force such companies to bolster their cyber defences in these dangerous times.

Tom Jowitt
