In light of COVID-19 precaution measures, we remind that all ImmuniWeb products can be easily configured and safely paid online without any human contact or paperwork.

Total Tests:
Stay in Touch

Weekly newsletter on AI, Application Security & Cybercrime


Your data will stay confidential Private and Confidential

UK Businesses want watchdogs to punish cyber security failures

Thursday, September 29, 2016 By Read Time: 2 min.

The vast majority of UK business leaders believe that tougher penalties are required to help prevent major breaches - but are they right?


New research indicates that UK companies would like much tougher action from watchdogs to penalise inadequate security measures.

UK Businesses want watchdogs to punish cyber security failures

The majority of UK directors - 77 per cent - believe that enterprises that fail to keep customer data safe should face severe financial penalties. A similar majority, 71 per cent, believe that companies who fail to meet basic cyber-security requirements should be penalised too, according to the research by ComRes.

Interestingly, just under half (48 per cent) of those asked felt cyber threats were now a bigger risk to their business than market volatility. The research surveyed 200 directors from companies with more than 500 employees, and comes just days after Yahoo announced the biggest data breach in history which has exposed more than half a billion user passwords and personal information.

The Yahoo breach dwarfs even the Myspace breach of May 2016, as this helpful infographic makes clear:

UK Businesses want watchdogs to punish cyber security failures

Speaking at the Institute of Directors annual convention, NCC Group CEO, Rob Cotton, introduced the ComRes research, and said that larger companies were often the most complacent about cybersecurity, with directors themselves refusing to take responsibility for safety.

For years it hasn’t been taken seriously enough in boardrooms across the country and while these results don’t prove that it’s now being managed appropriately, they do show that directors are realising that greater scrutiny and oversight from regulators and government will stimulate the necessary action and help drive-up standards,” he told the Telegraph

Current UK penalties are based on the Data Protection Act and are enforced by the Information Commissioner’s Office (ICO). Maximum fines are set at up to £500,000. However, new EU-wide regulation is set to become law in 2018, which will raise potential fines to 4pc of global revenues or up to €20m (£17m), but national regulators will be in charge of enforcing the letter of the law.

That said, the cost to businesses who have suffered a data breach isn’t all about regulatory penalties. A recent Ponemon study found that the average cost to a business of a data breach grew from $3.8 million to $4 million in 2016. The average cost incurred for each lost or stolen record containing sensitive and confidential information increased from $154 to $158 - which puts the cost of the Yahoo breach at a fairly punitive $790 billion.

It’s also not as if boards are not throwing money at preventing the problem either, with overall spend just on cybersecurity tools by companies and governments expected to hit $202 billion a year by 2021, up 66 per cent from this year, according to research firm MarketsandMarkets. It is certainly true that there is little room for complacency though, as successful attacks continue to rise, and it seems that applications remain the leading cause of security breaches. Developers themselves seem to agree, with 47 per cent of respondents to a recent SANS report admitting that the effectiveness of their AppSec programs needed improvement, whether evaluated internally (47 per cent) or in comparison to other organizations (36 per cent).

UK Businesses want watchdogs to punish cyber security failures

Technical research by High-Tech Bridge has uncovered a plethora of widely-ignored but endemic issues, particularly around application security. Although best practice application security has often resulted in the deployment of a Web Application Firewall (WAF), and indeed Gartner has predicted that by 2020, more than 60 percent of public web applications will be protected by a WAF, High-Tech Bridge research indicates that those currently protected by one contain 20 per cent more vulnerabilities on average than unprotected ones. Moreover, an impressive 60 per cent of web vulnerabilities have advanced exploitation vectors allowing hackers to bypass WAF configuration entirely and thus compromise the web application - full technical breakdown is here.

So is tougher regulation the silver bullet? Probably not, although it is set to tighten up over the next few years whether businesses like it or no. Can more be done to prevent breaches? Certainly, and often at a pretty basic level (how do your servers look under the microscope of this free test? ) but one final stat from Gartner might hold the key - through 2020, 99 per cent of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year...


Mark Mayne has covered the security industry for more than 15 years, editing news for SC Magazine and editing SecurityVibes UK. Mark has a background in national news journalism and tech reporting, and has run b2b and b2c editorial sites.

User Comments
Add Comment

Ask a Question