CCI Blog

Monday, June 27, 2016

The end of accountability?

We certainly seem to be living in a new economic era for cybercrime. Many companies have been ‘cyber-affected’ in recent times. One that we focused on last year is the British company TalkTalk. On October 26th, 2015 (CCI’s “Newsletter” issue number 126) we mentioned TalkTalk in these terms: “After the mobile operator TalkTalk scandal, British press has reported that IoD points to cyber hacking as one of their biggest concerns, urging the UK Government to implement the necessary measures to fix the problem”. Today we can say with certainty that the UK authorities did hear the demand from the British corporate establishment: the UK Parliament, via its House of Commons’ Culture, Media and Sport Committee, has just released a report (find it in our ‘Documents’ section) on the TalkTalk case, in which a series of relevant conclusions are set out. Let me share them with you!

First, the report states that “Although ultimate responsibility for cyber security within a company lies with the CEO, it would be highly unusual for the CEO of a company to have to resign over an attack”. Really? Do British MPs not remember the number of CEOs who have resigned in the last decade, some of whom have been mentioned here regularly? And, moreover, “the ultimate responsibility lies with the CEO”, but what about the Board of Directors? Does all this, in the end, mean the end of accountability?

Not content with this, the report continues: “Cyber security should sit with someone able to take full day-to-day responsibility, with Board oversight, and who can be fully sanctioned if the company has not taken sufficient steps to protect itself from a cyber-attack”. They are referring to the CIO or the Head of Security [the report mentions both], but, again, does it mean that the person in charge of cybersecurity should be understood as a punishable role only?

Maybe the UK MPs have a little more to fix than the Brexit referendum's result!

At least they agreed on setting some measures in order to increase CEOs’ awareness of the matter [despite releasing the BoD from any liability]: “To ensure this issue [cyber security] receives sufficient CEO attention before a crisis strikes, a portion of CEO compensation should be linked to effective cyber security, in a way to be decided by the Board”.

Meanwhile, this still seems a good time to become a cybercriminal: the digital underworld expands; the electric grid and other infrastructures are being attacked, making real the idea that Stuxnet was nothing but the opening shot; and 'smart OT' developments keep bringing both rewards and consequences.

Explore these and other topics in more depth in our weekly "Newsletter". Subscribe here and enjoy reading!
