Lazy FTSE 350 firms think lawyers can fight off cyber-security worries

Poor communication between boards and front-line management as well as a growing reliance on legal remedies mean UK companies are still falling short when it comes to cyber-security. A KPMG survey of FTSE 350 firms found that 61 per cent of board members reckoned they had a decent understanding of their company’s key …

  1. Dan Paul

    Writing a Disclaimer...

    does not exempt you from the legal consequences of losing or leaking my personal data.

    I will still sue you, especially if my money and credit are involved.

  2. Stuart 22

    Bend it like a Barrister ...

    One of William Shakespeare's most notable lines is "let's kill all the lawyers" from the play Henry VI, Part II.

    But now, one retired US lawyer is trying to change people's interpretation of the famous line.

    David Epstein says: "One interpretation is that it's actually a compliment for lawyers... that's the one I'm stressing."

    http://www.bbc.co.uk/news/entertainment-arts-28879259

  3. Zippy's Sausage Factory
    WTF?

    Lawyers... because closing the stable door after the horse has bolted always solves everything.

    Seriously... what happens when you have no corporate IT systems and you're being chased for payments left, right and centre? Do you think the HMRC would have any sympathy, lawyers or no lawyers?

    Relying on lawyers in this situation is like saying you're not worried about leaving your front door open because you've got insurance. It doesn't help when you've got no clothes, no telly and no cooker.

    Idiots.

    1. Anonymous Coward

      Re: insurance

      "you're not worried about leaving your front door open because you've got insurance"

      Back in February 2014, the BBC were reporting that many utility companies seemed to think that "cyber attacks" were something whose risks could be mitigated solely by having suitable insurance.

      But when the insurance companies sent in assessors prior to taking on the insurance, the insurance companies didn't like what they saw at the utilities (insufficient precautions to prevent losses), and frequently declined to take the business.

      http://www.bbc.co.uk/news/technology-26358042

      1. Mad Chaz

        Re: insurance

        Once again, until top management can be held criminally and financially accountable for breaches, this will never get fixed. The people with the power to do something need to be the people held responsible when they do nothing.

        1. Yet Another Anonymous coward Silver badge

          Re: insurance

          Insurance is often the correct response for unlikely and unpredictable events.

          You could spend X millions on securing your systems and still be hit OR you could find an insurer that will pay the Y million you lose if a one in Z million event happens and charge you a little more than Y/Z for taking the bet.

          What would you suggest? The company fires everybody not directly involved in security - since any spending on anything other than security is obviously not "doing all they can"

          1. Robert Helpmann??
            Childcatcher

            Re: insurance

            "What would you suggest? The company fires everybody not directly involved in security - since any spending on anything other than security is obviously not 'doing all they can'"

            I would suggest using insurance as it is meant to be. Companies should fall back on it after having done everything they reasonably could to prevent the loss and things still went south. It should not be an either-or choice between prevention and insurance.

    2. Daniel Hedley

      The lawyer's view

      Speaking as a member of that profession that everyone loves to hate, this article is bang on. If your strategy for dealing with data breaches and attacks is to look to your lawyers to rescue you once it's happened, you are going to be disappointed. That's not to say we can't help with damage control, for instance by engaging with the ICO (and other regulators) and helping to navigate the contractual fallout. But really, prevention is so, so much better (and cheaper) than cure, and prevention needs engineers, which needs budget, which needs board buy-in.

      If it helps to make the business case, engineers tend, rightly or wrongly, to be a fair bit cheaper than us lawyers.

  4. Destroy All Monsters Silver badge
    Trollface

    The guys wrecking the EURO issue edicts on "cyber-risks"

    such as edicts from the European Central Bank

    MUAH!!
