Wary of cyber security laws, UK eyes soft approach

London - Britain will try to get companies to beef up cyber security by encouraging investors and shareholders to hold them to account on the issue, but will reject US-style mandatory reporting of online attacks, government officials say.

Britain has made tackling the theft of intellectual property on the Internet and the protection of critical infrastructure from hostile cyber assault top national security issues, setting aside 650 million pounds over four years to address the problems.

More than nine in 10 British companies have suffered a cyber breach in the past year and intellectual property is being stolen on an “industrial scale”, government officials said in a briefing ahead of a government update on Monday on its year-old cyber security strategy.

But despite the fact that more and more trade secrets are being purloined via the Internet, officials said they favoured a softly-softly approach.

That would involve professional auditing and governance bodies and shareholders and analysts pressuring company directors to explain what they were doing to thwart cyber threats, they said.

“The government does want to see more disclosures. But we don't think the right way of approaching that is to pass laws to force people to do it in those areas where they are not already obliged,” one official said on condition of anonymity because of the sensitivity of security issues.

“Rather than forcing companies to disclose it, we think it is best to encourage analysts, investors, shareholders, insurers, to ask for that information,” he said.

Unlike their US peers, British companies aren't required to report cyber attacks, an obligation that supporters of such legislation believe keeps directors on their toes and helps ensure cyber defences are up to scratch because of the fear of reputational damage.

However, Britain believes obligatory reporting risks having the opposite effect and becoming a “perverse incentive” that would prompt directors to actually turn a blind eye to online breaches in order to escape unwanted publicity.

Even when companies did reveal such attacks, company directors would be likely to say as little as possible about such incidents, the official said.

Mandatory reporting “would be positively harmful from the point of view of getting people to share information,” he said.

In a related move, the government said on Monday it would extend a pilot scheme under which 160 firms in the defence, finance, pharmaceuticals, energy and telecommunications sectors shared information about cyber attacks confidentially.

Alan Calder, head of British cyber consultancy IT Governance, questioned the government's approach, saying the US model of mandatory reporting was a good discipline for directors.

“Being forced to disclose information would be a very good thing, it would put a lot of pressure on companies,” he said. - Reuters
