Last week’s cyber attack on phone company Talk Talk and recent warnings from the US National Security Agency have focused attention on information security, especially for companies. How responsible should companies be for their own cyber security?
- Companies should be responsible for encrypting all the financial information they hold, and should be legally liable for any loss of customer money in the event of a hack
- Companies should have compulsory cyber security contractors, who would be liable in the event of a hack
- Public-sector security advisors should be responsible for identifying threats and devising security measures for companies to install
- Defending against threats from nation-states should be the government’s job; defending against theft should be the company’s
- None of the above
Our poll responses slowed down somewhat last week, with 288 respondents. But the conclusion was clear: a definite majority, 60 per cent, thought that companies should bear legal responsibility for encrypting all the sensitive information they hold on their clients and customers. The next largest group, comprising a third of respondents, thought that the government should bear the responsibility for defending against cyber-threats from other nation-states, while companies should be responsible for defending against other criminal activity. There was very little support for the idea of public-sector security advisors bearing the responsibility for identifying threats and devising security measures, with only 1 per cent choosing this option, while 3 per cent agreed that companies should have compulsory cyber security contractors, who would then be liable for any losses incurred in the event of a hack. Another 3 per cent declined to pick an option.
Please continue to let us know your opinions on this subject.