The Department for Culture, Media and Sport (DCMS) has published a review of how the UK Government should ensure wider cyber security management.

Professor Chris Hankin, Director of the Institute for Security Science and Technology, played a significant role through chairing the review’s Senior Expert Advisory Group. The conclusions have influenced the UK Government’s 2016 National Cyber Security Strategy.

Cyber security is a constantly evolving global challenge. High-profile breaches of customer data, such as the recent hack of Talk-Talk which affected 157,000 customers, have led the Government to ask if enough is being done to protect the UK economy. Such events impact the security and confidence of customers, and also undermine the UK as being a secure place to do business.

Review

The Cyber Security Regulation and Incentives Review concludes that market failures in the protection of personal data can be addressed through regulation. It says that significant improvements can be achieved through the implementation of the General Data Protection Regulation (GDPR); the incoming EU legal framework around personal data protection.

However, the Government will not seek to introduce further legislation beyond the GDPR. The review suggests that additional regulation might overburden businesses and create a culture of compliance rather than foster proactive management.

The National Cyber Security Centre will work with businesses and organisations to incentivise them to improve cyber security. For example, the Cyber Essentials Scheme provides free advice and tools to help organisations protect themselves.

Wide analysis

Evidence collection was central to the review process. A review of the current academic literature on cyber security as well as business behaviour change was carried out. They also commissioned new qualitative research into the effects of the options being considered on businesses. Throughout the process the Review team were advised by an expert advisory review panel, comprising figures from the various stakeholder groups, and chaired by Professor Chris Hankin.

The entire review is available to read here.