A new report by the Conservative members of the London Assembly, who help scrutinise the work of the Mayor of London, estimates that in 2015 in London 329,515 organizations experienced some form of security breach.
“In London specifically, it is possible to estimate conservatively that the cost to the economy from security breaches could be in the region of £35,997,500,000 per year,” the group said, and proposed a new “Mayoral Standard” for data security.
Like the Cyber Essentials scheme instituted by the UK Government, the standard would offer businesses a simple way to check their data security posture, and consumers could look for it as a sign that the company is thinking about the security of their data.
“The new GLA Conservative report is more like a worst-case scenario. It appears to take the estimates of the cost of the worst data breaches identified by the PWC report and multiply them by the total number of breaches,” Bernard Parsons, CEO of Becrypt, commented for Help Net Security.
“However, even a portion of the estimated £35bn in financial losses represents a serious blow to the economy. There is no doubt, whatever the number, that the cost of cybercrime to the UK economy continues to be significant and increasing,” he noted.
“The report’s recommendation of using the brand and influence of the Mayor of London’s office to create a Mayoral Standard for data security to raise the profile of cyber security can only be a good thing. Being able to prove their security capabilities with a highly visible standard could be a powerful competitive advantage for any business in the city.”
He noted that, currently, the vast majority of security breaches remain undisclosed, and therefore do not affect the companies’ bottom line or damage brand reputation, but this will change in 2018 with the introduction of the new EU General Data Protection Regulation (GDPR).
“This will influence the UK irrespective of Brexit and introduce mandatory disclosure of data breaches as well as significant fines,” he says.
“The GDPR is not prescriptive in terms of the detail of what good security looks like, however. There is certainly room for new standards such as the Mayoral Standard to define what good cyber security looks like, but they would need to be aligned with the existing work that Government is undertaking, such as the Cyber Essentials scheme, in order to be efficiently adopted by businesses.”
“The most important aspect of any ‘Mayoral Standard’ should be that it is both simple and cost effective – as this would encourage organisations to engage with it,” the group pointed out, but did not offer their opinion on what requirements the standard would bring with it.
That should definitely be left to security experts, but the wish for it to be simple and cost effective does not bode well. Perhaps because it makes me think of this well-known dilemma? But hats off to them if they manage to do it without sacrificing the value of the standard in the process and making it a purely cosmetic sign that's simply meant to inspire trust in users and will fail in the long run.