MPs get tough on cyber-security

22 June 2016

Report suggests linking bosses' pay to cyber attacks on their companies


Firms should all have someone responsible for overseeing cyber security on a day-to-day basis, according to MPs.

Proposals from the Department of Culture, Media and Sport select committee, have also suggested that chief executives should have part of their pay packet linked to the state of their companies' cyber security.

According to an article by financial website This Is Money, the proposals were drafted in the aftermath of the TalkTalk hack in October last year. It reveals that TalkTalk chief executive Dido Harding received £2.8 million in pay and share bonuses for the last 12 months, despite the telecoms company having had 157,000 customer details hacked. Harding received £550,000 in base pay – and said she would donate her £220,000 annual cash bonus to charity.

The MPs’ report also says it should be easier for people to claim compensation if they have been the victim of a data breach. It says there are a number of organisations, such as the Citizens Advice Bureau and police victim support units, which could provide further advice on how to seek redress through the small claims process.

It suggests that the Government should initiate a public awareness-raising campaign, on a par with its campaign to promote smoke alarm testing. All relevant companies should provide well-publicised guidance to existing and new customers on how they will contact customers, and how to make contact to verify that communications from the company are genuine.

The committee’s report recommends that organisations holding large amounts of personal data should report annually to the ICO (Information Commissioner's Office) on a number of measures.

This includes staff cyber awareness training, when security processes were last audited, and what guidance they provide to current and prospective customers.

The report suggests that firms should report to the ICO on the number of attacks of which they are aware and whether there were any breaches.

At present, the ICO can only issue a fixed fine of £1,000 for failure to report a data breach - a figure the report suggests is too low.

The report also says there should be scope to levy higher fines if the organisation has not already provided guidance to all customers on how to verify communications.

The maximum fine that can be imposed by the ICO is currently £500,000, which the report says may not be a significant deterrent for a large company.

To read the This is Money report in full visit: 
