Firms should be fined for cyber-threat failings

posted on 13 October 2016, updated on 13 October 2016

A Commons select committee inquiry, launched by the Department for Culture, Media and Sport following the TalkTalk cyber attack earlier this year, has recommended fines for companies that fail to take adequate measures against cyber security threats. This would include fines for 'lack of attention to threats and vulnerabilities which have led to previous breaches', fines for delays in reporting a breach, and 'scope to levy higher fines if the organisation has not already provided guidance to all customers on how to verify communications'.

The inquiry also recommended that chief executives' pay 'should be linked to effective cyber security', and called for greater public information on cyber threats, driven by government awareness campaigns.

The report outlines the role of the government's Cyber Essentials scheme in helping companies to adequately protect themselves, emphasising that 'Cyber Essentials provides a good check list for small and medium-sized firms but needs revision in light of the recent experience of cyber attacks, particularly the probability that 90% of large organisations will experience a cyber attack and the growing problem of cyber-ransom demands'.

For more information on the Cyber Essentials scheme, see our topical issues piece.
