Fine Firms For Cyber Security Failures

The culture committee also wants CEOs' pay linked to online safety, in a report responding to last year's TalkTalk hack.

Companies should be fined if they fail to guard against cyber attacks, MPs have recommended in the wake of last year's TalkTalk hack.

The Culture, Media and Sport Select Committee inquiry made a number of recommendations, but stopped short of suggesting that criminal proceedings should apply to employees who fail to protect people’s data.

The committee also recommended that CEOs' pay should be linked to effective cyber security; that it should be easier for consumers to get compensation if they are the victim of a hack; and that the Government should conduct a public awareness campaign about online and telephone scams or phishing.

Companies should also be fined for delays in reporting breaches into their systems.

Committee chair Jesse Norman told Sky News: "Our report today I think is a giant wake up call for industry generally because what that showed (the TalkTalk hack) is that even very sophisticated companies in the telecoms area were not invulnerable to attacks."

In the USA, the Securities and Exchange Commission has required publicly traded companies to inform regulators about cyber attacks since 2012.

The internet service provider TalkTalk, which has around 4 million customers, was hacked in October last year.

The company initially described the attack as "significant", but later said only 157,000 people’s details had been compromised.

The financial information – banking sort codes and account numbers – of 15,000 people were stolen.

28,000 people had obscured versions of their debit and credit card details taken.

Six arrests have been made, of people all younger than 21.

The Information Commissioner’s Office (ICO) is conducting its own investigation into the specifics of the TalkTalk attack and data breach.

The select committee complained about the eight-month wait for this report and suggested the ICO was understaffed.

Conservative MP Mr Norman added: "We don't know the full detail of the attack even now and we've asked TalkTalk to publish as much of the current report that they've done on the attack as possible but it may have been a very simple one."

3 Comments