I saw a press release headline last week that said the private sector is endangering national cybersecurity in the United Kingdom.
A study by think tank Chatham House, in conjunction with BAE Systems Detica, found:
a marked lack of uniformity and consistency in policy and practice, such that it would be very difficult to describe the UK as possessing anything approaching a society-wide response to cyber vulnerabilities and threats.
An article in The Guardian pointed out the study's results show that the government needs to take a firmer lead in cybersecurity issues, but that the private sector has also been at fault:
with company bosses delegating responsibility to IT specialists within their firms in a deliberate effort to keep a problem they may not understand "at arm's length".
When I read that, I became a bit curious to see what was happening in the United States. We know that the White House has proposed cybersecurity efforts and that both sides of Congress have introduced legislation to promote cybersecurity, but frankly, not much is happening. Why? Because everyone is tip-toeing around the idea of adding more regulations to the private sector.
I understand the arguments of additional regulations on industries that, while they touch different facets of life, don't really overlap into other industries. But cybersecurity touches everything. There are no borders -- neither in business nor in nationality.
The UK study blames executives for being willing to accept a high level of risk and facing those risks with "diminished resources and interest," according to The Guardian. But at the same time, government needs to take the lead role creating awareness and protecting the population at large from cyberattacks that are often unpredictable.
I understand the private sector doesn't like a whole lot of government regulation -- that it can be costly. However, shouldn't every person logging onto a website to do business, whether it be a finanancial transaction or filling out a form, do so knowing that there are cybersecurity standards in place?