A new report from ACCA claims self-interest rather than regulation is the future of cybersecurity because technology is evolving at such a rate that any legislation would be out of date before it is signed into law.
Constant Forward Motion: The evolving phenomenon of cybersecurity regulation and the race to keep up examines the growing threat to businesses and the problems lawmakers have because of the pace of technological evolution.
Jason Piper, ACCA head of business law, said: “Data is being used in all sorts of ways – for example to predict purchasing and money transfer patterns – criminals can use this information to commit fraud. A basic rule of thumb is that if there is value in the data to a criminal then there is value in protecting it and because data is digital it can be replicated over and over again, potentially before the business is even aware.
“The big question for authorities is: how do you regulate? Is it better to prescribe hard law or soft law? Both have advantages and disadvantages but ultimately the problem that lawmakers have is that anything they pass into law is likely to be archaic very quickly and they could spend the whole time ‘running to catch up’.
“The same can be said of insurance; mandatory insurance now would force insurers to offer cover without the information yet to be able to set premiums. Insurance is a growing area in the field of cybersecurity but it is an extremely complex job for underwriters to value data and set suitable premiums. Insurance can, however, act as an awareness raiser in a similar way to soft laws - if you can insure against the loss of data then its security needs to be taken seriously.
“Large organisations can play an important role in cybersecurity. Most criminals will look to go after the weakest link in the supply chain as a point to access data. This will usually be the smaller businesses, as they have fewer resources. The larger companies in the chain can support the small ones by providing guidance and expertise. This would be of benefit to the whole chain, as once a criminal has access to one area they will be able to infiltrate the entire chain – causing more damage, both financial and reputational.”
The report also looks at other threats to cybersecurity and how technology means that data thefts don’t always have to involve the internet. Physical devices can be used to collect information from ATM cards, electronic tills and card readers for future use, without the need for any direct internet involvement.
© ACCA - Association of Chartered Certified Accountants