A new report published by the Cybersecurity Research Group and the Policy Institute at King's College London on Tuesday called for the government to publicly name and shame businesses with inadequate cybersecurity measures in order to incentivise them to improve their defences and reduce the rate of cybersecurity attacks.
The intervention comes on the back of the Ipsos MORI Cybersecurity Breaches Survey 2018, which found that over four in ten businesses (43%) and two in ten charities within the UK experienced a cybersecurity breach in 2017-18.
The report suggested that businesses, charities, and other organisations implement strategies included in the government’s Active Cyber Defence Programme (ACD), which has up until now only been used in public sector organisations.
ACD helped reduce cybercrime
The research claims that private sector organisations that apply ACD strategies would have “significant potential in helping improve UK national cybersecurity”.
“Initial indications are that ACD has helped reduce the incidence and effects of low-level cybercrime on government agencies and service users”.
Researchers at King's College London state that the technology used as part of the ACD programme has resulted in a significant fall in scam emails from false government addresses and the removal of thousands of phishing sites which pretend to be government agencies to steal users’ private details.
“We propose that firms and other stakeholders engage more actively with government through the NCSC in order to develop further how ACD might be deployed throughout UK networks as a means of countering cybercrime in the UK,” the report reads.
The report called on the government to expand ACD beyond the public sector, and include private sector organisations.
According to Forbes, Dr. Tim Stevens, one of the report’s authors, said that for those who are unable to invest, guidance would be given by the National Cyber Security Centre and other agencies.
“Those unwilling to invest may find their customers moving to more cyber-secure competitors. Those that knowingly harbour cyber-criminality or fail to promote safe cybersecurity practices may find themselves identified publicly,” Dr. Stevens was quoted by Forbes as stating.
“This happens already when data breaches are revealed in the press for instance. NCSC has suggested there may be a future need to name and shame persistent offenders but how that would work has not been articulated. No one really wants to have to do this, the hope is that organisations will want to pursue better cybersecurity anyway,” he added.