Strict regulations are favored by many security experts, as revealed by CIISec.
In a significant move towards bolstering cybersecurity, the UK government is advocating for a ban on ransomware payments by certain public sector and critical infrastructure organisations, as part of the Cyber Security and Resilience Bill. The bill would prohibit ransomware payments by public sector organisations and critical infrastructure operators, with the aim of strengthening cybersecurity resilience.
The Chartered Institute of Information Security (CIISec) recently conducted a survey on cybersecurity laws, revealing some intriguing insights. The report highlights a need for a more collaborative approach to security, ensuring the board is aware of the risks and included in major decisions. Interestingly, 91% of respondents believe the board should take responsibility for breaches.
The survey also sheds light on the perceived inadequacy of current cybersecurity laws. More than two-thirds (69%) of industry professionals believe these laws are not strict enough. This sentiment is further reflected in the findings that over half (56%) of respondents believe senior management should face sanctions, prosecutions, or fines for serious cyber incidents.
The report, titled State of the Security Profession, was compiled from interviews with CIISec members and the wider security community. It focuses heavily on regulation this year, given the numerous security-related regulations that have been enacted or reached significant milestones. These include the EU AI Act, DORA, NIS2, the UK Data (Use and Access) Act, and the UK Cyber Security and Resilience Bill.
New laws like NIS2 and DORA make senior leadership personally liable for serious infractions. The UK government is also planning to roll out a mandatory incident reporting regime, with penalties for organisations that refuse to report.
Interestingly, the survey recommends more learning for cybersecurity professionals, improved understanding of regulations, and better communication of risk to stakeholders outside of the security function. However, only 34% of respondents argued that specific employees who breach policy should be held responsible for their actions. Less than a third (31%) of respondents said CISOs should take responsibility for breaches.
The Cyber Security and Resilience Bill, DORA, and NIS2 were cited as having the most significant impact on the profession, despite the former still being in parliament and the latter two laws applying only to UK firms with European operations.
The survey underscores the importance of a collective effort in enhancing cybersecurity resilience, with a more accountable and informed senior leadership playing a crucial role. As the digital landscape continues to evolve, it is clear that the focus on regulation and accountability will remain a key driver in shaping the future of cybersecurity in the UK.