A recent study conducted by International Cyber Expo has revealed that in the event of a data breach at an organization, nearly one in every five individuals across the UK believes that the person(s) responsible for allowing initial entry should face the harshest penalty. The research sheds light on the prevailing blame culture surrounding data breaches and the need for stricter consequences for those responsible.
Out of the participants surveyed, 19% expressed the view that individuals who facilitated the breach through means such as phishing or poor security practices should be held most responsible. Furthermore, of those individuals, 34% considered prison to be the most suitable punishment for a data breach. These findings indicate a growing demand for more severe penalties for individuals involved in facilitating data breaches.
The survey, conducted by Censuswide on behalf of International Cyber Expo, included responses from 1,000 nationally representative UK respondents aged 16 and above. While a larger portion of the population (29%) believed that the cybercriminals who exploited the organization’s vulnerabilities should be held most responsible, it is important to note that historically, many cybercrimes go unreported and cybercriminals are rarely convicted.
When asked who should be responsible for compensating the victims of a data breach, 35% of the respondents believed that it should be the perpetrators themselves. Meanwhile, 26% thought that the courts should take on this responsibility through compensation orders, and 20% believed that the treasury should play a role through the Proceeds of Crime procedures. However, identifying the offender in cybercrime cases is often challenging, making it difficult to determine responsibility and deliver compensation to victims.
Flavia Kenyon, a Barrister at The 36 Group and member of International Cyber Expo’s Advisory Council, emphasized the need for cyber laws and regulations to continuously adapt to technological advancements. Kenyon highlighted the fragmented nature of the current legal framework, where various acts and regulations are enforced to combat cybercrime. These include the Computer Misuse Act 1990, the Data Protection Act 2018, the Fraud Act 2006, and the Proceeds of Crime Act 2002.
Kenyon further emphasized the importance of overarching cybersecurity legislation to ensure clarity, effective compliance, and enforcement. She also mentioned the presence of mandatory duties, such as directors’ duties under the Companies Act 2006, which trigger civil liability and fines for non-compliance under different acts and regulations.
Apart from cybercriminals and individuals who facilitated the data breach, the survey revealed that 18% of respondents believed that the CEO or board members of software providers should be held most responsible for not providing secure products and updates. Additionally, 15% and 14% attributed responsibility to the CEO or board members of the targeted organization and the CEO or board members of cybersecurity providers, respectively. These findings are noteworthy in light of the recent National Cybersecurity Strategy announced by the White House, which aims to shift liability for insecure software products and services to the entities that create them.
A significant portion of the respondents (16%) also held the cybersecurity team of the targeted organization responsible for the data breach. This finding raises concerns among Chief Information Security Officers (CISOs) about potential personal liability in case of a breach.
The International Cyber Expo, an upcoming event set to take place on September 26th and 27th, 2023, at London Olympia, will explore these issues further. The expo aims to provide a platform for industry professionals to discuss and address cybersecurity challenges. This event highlights the growing importance of cybersecurity in today’s digital landscape and the need for collaboration and innovative solutions to protect critical digital infrastructure and data.
To register for free as a visitor to the International Cyber Expo, individuals can visit the registration link provided on the event’s website. This expo promises to be an essential gathering for cybersecurity professionals, policymakers, and organizations seeking to stay updated on the latest developments and solutions in the field of cybersecurity.

