What the UK's Cybersecurity Defense Policy Is Lacking

It's no secret that robust cybersecurity measures are lacking in a lot of small and medium businesses, but the truth of the matter is that governments aren't doing much better. International cybersecurity became widely discussed following email breaches of the Democratic National Convention and Russia's interference in the U.S. presidential election.

Now, however, it appears as though the UK's new cyber defense policy is fraught with deficiencies of its own. Raise your own cybersecurity awareness with CyberPolicy to better protect your organization from the threats of hacker incursion.

Cyber-Anarchy in the UK
In January, the UK government released its 'Cyber Security Regulation and Incentives Review' which confirmed the implementation of the European Union's 'Network and Information Security Directive' (also known as the NIS Directive) to bolster regional cooperation on digital security requirements - despite Brexit.

The need for unified protection across Europe's digital infrastructure should be obvious. In fact, EU nations lag far behind the United States, China, Brazil and South Africa in protecting internet-linked devices. The Public Accounts Committee agrees that cyberattacks have been one of the top four risks to national security since 2010. Once in place, the NIS Directive will:

  • Impose obligatory security and breach notifications for many organizations.
  • Impose new network and information security requirements on operators of essential services and digital service providers.
  • Require organizations to report security incidents to competent authorities or computer security incident response teams (each country must establish such teams).
  • Impose financial sanctions where a breach is intentional or a result of gross negligence.

While regional agreement is a step in the right direction, the efficacy of such a plan is still suspect. The NIS Directive is being called "inconsistent and dysfunctional." Critics argue there have been no attempts to coordinate the "alphabet soup" of government agencies meant to combat cyberattacks. Not to mention that cybercrime is evolving rapidly and the UK's private and public sectors are experiencing a severe 'skills gap' in meeting the problem, which is troubling since the onus of defense is put on companies.

What the EU's new cybersecurity directive lacks is a "consistent approach" to data breaches; without this, the government cannot make informed decisions about how to best prioritize its attention and address the problem. This is a similar concern for small businesses that may not have a contingency plan in place. If your company's defenses were breached today, do you know what your next steps would be?

Improve your cybersecurity awareness by developing a plan to combat digital incursion. Below are a few tips to get you started:

  • Work with your cyber insurance and cyber defense providers to investigate the breach, examine its cause and determine the damage.
  • Report the incident through the proper channels (internal and external).
  • Assess damages to your business including financial losses, downtime and reputation.
  • Communicate the extent of the breach (and the steps you are taking to fix it) to your third-party partners and customers.
  • Monitor customer accounts, credit statements and critical infrastructure for ongoing injury.

There is still time for the EU to remedy the oversights in its directive to better address the risk of data breach. In the meantime, you can boost your cybersecurity awareness and invest in a vigorous insurance plan with CyberPolicy. Start today!
