Following the TalkTalk breach, the Department for Culture, Media and Sport has now issued a cyber security report recommending a variety of new measures, including penalties for CEOs when preventable breaches occur. Charles White, founder and CEO of cyber risk specialist IRM, commented below.
Charles White, Founder and CEO at IRM:
“After many years of issuing best practice advice to try and improve the cyber security of UK Plc, it appears the government is now taking a much firmer hand in getting the attention of executives. However, with previous voluntary schemes such as Cyber Essentials largely going unheeded, we need more than reports and suggestions to enact real change.
“The possibility of their bonuses being hit by poor security performance should be an effective way of keeping cyber threats at front of mind for CEOs throughout the year, not just when a crisis arises. Just as with any other major disaster, the buck should stop at the top when a major breach occurs, and CEOs that were unaware of their company’s cyber-readiness should be prepared to pay the price.
“Including cyber security performance in annual reports alongside environmental and social reporting will also help to reinforce the perception of cyber as a vital operational matter, rather than some obscure IT issue to be shunted off to one side.
“However, with the threat of cyber-attack as obvious as it is, a CEO who has presided over a major breach that could have been prevented should consider themselves fortunate if they only forfeit a portion of their bonus, rather than losing their position entirely. Just as with major cases of fraud or environmental scandal, I anticipate serious breaches being regarded as a case for resignation in the near future.”