The government has been urged to publicly name and shame British businesses with sloppy cybersecurity measures that could put customer data at risk.
A new report released by the Cyber Security Research Group and the Policy Institute at King’s College London on Tuesday called on the government to do more to encourage businesses to improve their computer security.
The report’s authors suggested that the National Cyber Security Centre expand its focus to include private businesses as well as public sector organisations.
One way to do that, the report suggested, is to publicly identify businesses with poor cybersecurity. The report stopped short of calling on the government to publicly rate businesses according to their defenses, however.
The NCSC, a division of British spy agency GCHQ, has publicly debated what more it can do to protect the public when it comes to cybersecurity.
The agency said last year in a paper that it is “not clear what we should do about this, apart from calling out the companies who consistently fail to take fraud and security seriously.”
The NCSC also said that it is “willing to intervene if particular infrastructure owners are intransigent in fixing their networks.”
However, Matt Lock, director of sales engineers at cybersecurity business Varonis, cautioned against the government publicly naming companies which have been hacked.
“Organisations are already being named and shamed after breaches and major security incidents – not by the government but rather by the media,” he said.