Proposed UK Law Requiring Business To Disclose Cyber Attacks (£)
Over the next decade, governments will introduce legislation forcing businesses to notify shareholders and police immediately after they have been hacked, just as they would be expected to do for traditional security breaches.
And businesses that fail to do this will face prosecution. This process will begin in the EU and the US in the next few years.
Recently Liam Fox, the former UK Defence Secretary and Conservative MP for North Somerset, told the Royal United Services Institute (RUSI) that governments should introduce cyber attack legislation, that businesses should begin to talk about cyber breaches, and that those that don’t should face prosecution.
Discrepancy between protocol and trust
Tim Heath, CEO of Cyber Security Intelligence, said Fox’s comments on the level of threat posed by criminal and state-sponsored hackers reflect what many in the cyber security industry already know to be true.
“The problem is not going to go away and it will increase until businesses take the market effects seriously instead of just being concerned about their own individual PR,” said Heath.
The process will take a while but is very necessary, and it requires governments and organisations to better understand the hacking process and the threats that are imposed on different industry and commercial sectors. Heath said it took a long time for governments to wake up to the need for financial audits, and what is now required is a similar legislative and technical requirement for cyber and the attacks.
The whole process of structuring your organisation’s old data is very important commercially, as it brings the data back to life, making it incredibly useful and effective. The Board should discuss this and have their old data analysed to get an understanding of the potential going forward.