The capital should be held to a higher ‘Mayoral Standard’ when it comes to data security, argue the Conservative members of the Greater London Assembly (GLA) in a new report entitled Safe and Secure: Protecting London's Data.
The standard will provide brand awareness of an increasingly pressing issue within the UK, nowhere more so than its capital.
The report states as its opening gambit that “The Mayor of London, and the Greater London Authority as a whole, is in a unique position where they can influence the decision making of businesses across London.”
That influence, continues the report, could help shape a better data security landscape not only for businesses but for customers too: “London has the opportunity to lead the way in improving data security, setting standards that the rest of the country aspires to match.”
Considering London's position not only as the UK's capital but as a global capital for commerce, it is not only a large, attractive target but a place of critical importance for data security.
The report estimates “conservatively” that the cost of security breaches could be around £35 billion a year to London alone.
This in part is down to the plain failure to report breaches. The authors estimate that nearly 90 percent of organisations do not report cyber-attacks.
There is little consensus, the report states, on how best to secure data and prevent breaches. While schemes like Cyber Essentials and several organisations promote widely respected certification schemes, more must be done.
As of March 2016, only 2181 certifications had been awarded for Cyber Essentials and Cyber Essentials Plus, “which equates to approximately less than one percent of organisations operating in the UK.”
Sadiq Khan, London's new mayor, promised in his election manifesto to “ensure Londoners and business have the information and resources they need to stay safe online”, yet little word has been received on how that will come about.
To this end, the report makes several recommendations, leveraging the reservoirs of soft political power that the mayor of London retains.
Principal among them is that a ‘Mayoral Standard’ be established. While specific standards have their own recognition in certain camps, they're largely unknown in the wider world, particularly within small to medium-sized businesses.
The brand recognition of the Mayor of London, the report says, would add a great deal of awareness among SMEs, who are especially at risk of cyber-attack.
While thorough in sketching the scale of the problem for the capital, the report is largely free of detail when it comes to what that standard might look like.
A spokesperson for the GLA Conservatives told SCMagazineUK.com that under the recommendation, “companies would be encouraged, rather than forced to sign up. Essentially it is hoped that by highlighting these figures, firms would see the benefit of adopting the Mayoral Standard. We're also suggesting they should be able to use Mayoral branding on their website as an additional incentive, like a Kitemark for websites.”
Whatever the Mayoral Standard will end up being, the authors want it to be informed by the recommendations of the London Digital Security Centre, set up under the previous Mayor to work with law enforcement, business and academia to help fight cyber-threats facing the capital's SMEs.
The Mayoral Standard may be more about recommendation than regulation but Bernard Parsons, CEO and co-founder of Becrypt, told SC that, “I personally think more cyber-related regulation is inevitable. We have years of evidence of how most organisations self-regulate, and it's not looking good.”
“In many senses, cyber-security is where health and safety was decades ago. A few more avoidable catastrophes, and there will be more regulation, but at a national level at least.”
However, hard regulation is perhaps not where the mayor's office can do real good, said Parsons: “I think the mayor's office would be better placed to use clout and influence to encourage adoption of existing standards, by helping highlight the benefits of doing so, and the dangers of not.”
In terms of an appropriate standard to adopt, Cyber Essentials would be a good place to start, said Parsons. Wherever the cost is more than zero, smaller businesses may run into problems, but he added, “the focus for any business should first be about reducing risk, then getting the badge to prove you've done so.”