Individuals convicted of unlawfully obtaining or
selling personal data should serve up to two years in prison, according to a new report from the UK’s culture, media and sports committee.
While the inquiry resulting in the paper was set up
directly as a response to last year’s data breach at TalkTalk, the committee stated that as
cybercrime is widespread and growing, its findings have a wide reach.
For example, a 2015 report from PwC found
that 90% of large organizations have experienced a data breach, while a
government-commissioned paper from 2016 reported that 25% of companies
experience a ‘cyber-breach’ at least once a month.
Worryingly, 40% of these security breaches are
accidents on the part of employees, contractors and third-party suppliers,
suggesting low awareness and inadequate cybersecurity and data protection
strategies.
The committee also warned that when it comes to
cybersecurity, it is not enough for companies to say that they were not aware.
Bosses, in particular, need to be better prepared.
As such, to ensure accountability, the committee
suggested that a “portion of CEO compensation” should be specifically linked to
cybersecurity protection.
“Failure to prepare for or learn from cyberattacks,
and failure to inform and protect consumers, must draw sanctions serious enough
to act as a real incentive and deterrent,” said Jesse Norman, chair of the
committee.
It also recommended that the government take action
to increase people’s understanding of scams by initiating large-scale
public awareness-raising campaigns.
“Everyone must take the lessons from the TalkTalk
breaches as a wake-up call – both in how they prepare to prevent cyberattacks,
and in how they deal with their consumers when those attacks occur,” said Mr.
Norman.
Crucially, the MPs advocate that best-practice
standards for cybersecurity need to be set at governmental level, in order to
protect consumers and maintain Britain’s place at the top of the internet
economy.