A UK Government press release dated January 2018, 1 [1] announced that companies and organizations responsible for critical infrastructure will be fined up to 1700 million pounds (approximately 25 billion yen) if they do not take effective cyber security measures. The organizations covered are in energy (such as electricity, gas, and water), transportation (such as railways), water supply and sewerage, and health (such as hospitals). A competent authority will be selected for each industry. In addition to taking security measures, organizations are also required to report incidents through a simple interface that will be provided. Note that fines are a last resort and will not be imposed on companies and organizations that take proper measures.
Also on the same date, the National Cyber Security Centre released new guidance for industry [2].
Failure to take proper security measures is a typical example of pollution with externalities, so I think the right approach is to internalize it through taxes and fines.
I've probably been saying this since around 2011, so it's a sentimental thing for me.
By the way, I went to 10 Downing Street [3] in October 2013. I think we talked about externalities then too.
In fact, it seems better to use insurance because it will go through the market, and ISO has finally started creating standards for cyber insurance [4], but actuarial data is still insufficient, and fines are probably the realistic option for the time being. In that sense, I think the newly introduced reporting obligation will also be useful in creating actuarial data.

Footnotes
1. Government acts to protect essential services from cyber attack — https://www.gov.uk/government/news/government-acts-to-protect-essential-services-from-cyber-attack
2. The NIS Guidance Collection — https://www.ncsc.gov.uk/guidance/nis-guidance-collection
3. British Prime Minister's Office
4. ISO/IEC 27102 Information technology — Security techniques — Information security management guidelines for cyber insurance — https://www.iso.org/standard/72436.html