Complacency is the biggest cyber risk, not hackers, says information commissioner


The biggest cyber risk businesses face comes from complacency, not hackers, the information commissioner said, urging businesses to better protect themselves against cyber threats.

John Edwards issued the warning as the Information Commissioner’s Office (ICO) fined Berkshire-based construction company Interserve Group £4.4 million for failing to protect the personal information of staff – in violation of data protection law.

The ICO found the company failed to put in place appropriate security measures to prevent a cyberattack, which allowed hackers to access the personal data of up to 113,000 employees via a phishing email.

Mr Edwards said many companies still don’t take cybersecurity seriously enough and warned that they should ‘expect a similar fine from my office’ if they are found not to have put protections in place.

“The greatest cyber risk businesses face comes not from hackers outside their business, but from complacency within their business,” the information commissioner said.

“If your company does not regularly monitor suspicious activity in its systems and react to warnings or update software and provide training to staff, you can expect a similar fine from my office.

“Leaving the door open to cyber attackers is never acceptable, especially when it comes to the most sensitive personal information.

“This data breach had the potential to cause real harm to Interserve personnel, as it left them vulnerable to the possibility of identity theft and financial fraud.

“Cyberattacks are a global concern and businesses around the world must take steps to guard against complacency.

“The ICO and NCSC are already working together to offer guidance and support to businesses, and this week I will be meeting with regulators around the world to work towards consistent international cyber guidance so that people’s data is protected wherever a business is based.”

The Commissioner’s intervention comes after Nadhim Zahawi, Chancellor of the Duchy of Lancaster, said companies must stop seeing cybersecurity as “an issue only for corporate IT departments” and treat it as a business priority.

He warned that in the modern digital world, economic growth for the entire country would not be possible without the “economic security” that comes from good cybersecurity practices.

