Whilst governments around the globe have kicked around the metaphorical can of AI regulation, something has been going on in the background. Something tangible, incredibly dangerous and increasingly more frequent: cybercrime.
It shouldn’t be the case that in an increasingly digital economy – something the current government is supposedly a big advocate of – businesses, tech-based or otherwise, are struggling with both know-how and the tools to guarantee their safety.
Despite this, businesses are succumbing to an influx of AI-supported cybercrime. Whether that’s ransomware, deepfake scams or traditional phishing scams, 2024 has already proven it’s going to be a record-breaking year for cybercrime – and not in a good way!
The UK government’s current approach to both AI and cybersecurity governance has been very much hands-off. Whether that’s because of a growing number of pressures outside of the world of technology (economy, defence, impending election) or perhaps a lack of understanding from the government itself, it’s leaving businesses in a precarious position with little to no steer on what to expect in the near future.
The introduction of this latest code of practice for cybersecurity offers a lot of merits for businesses not familiar with the norms of cybersecurity. Still, it does leave the door open for these protocols to be outrightly ignored as opposed to legally binding legislation that would hold businesses’ feet to the fire. This freedom means that businesses will likely prioritise what they want to, as opposed to what they should do regarding cybersecurity.
The risks of businesses ignoring these cybersecurity threats are substantial. You need not look any further than the story of the Hong Kong business that was duped out of $25m as a result of a deepfake scam.
So where do we go from here? Hopefully towards greater clarity. British businesses cannot be expected to thrive in an increasingly digital economy without clear frameworks and governance that clarify accountability for companies irrespective of their size or the industries that they work within. For strong examples of this in action, look across the pond.
Last summer the US government’s SEC implemented iron-clad legislation that requires public businesses to disclose cybersecurity incidents and maintain a high standard of cybersecurity management. Furthermore, the SEC has taken an unprecedented step to require all registrants to describe the board of directors’ oversight of risks from cybersecurity threats and management’s role and expertise in assessing and managing material risks from cybersecurity threats.
Legislation and rulings like this demonstrate the possibility of a more accountable cybersecurity industry from the boardroom to the factory floor.
The suggested code of practice also poses questions to the Labour Party on how they would plan to address technology-related issues such as cybersecurity, a topic that they’ve yet to invest much time or energy into. The closer we get towards the next general election, both the Conservatives and Labour should anticipate that questions on AI, cybersecurity and technology regulation will be high up on the list of priorities, one which could very well decide which side of the election businesses decide to throw their support behind.
From conversations in my everyday working life, a number of businesses up and down the UK still consider cybersecurity procedures and partners as a ‘nice to have’. These same businesses have invested swathes of money, time and energy into the digitisation of their companies and crucially, their supply chains.
With this digital supply chain becoming a reality, it begs questions as to why equal amounts aren’t being driven into cybersecurity, despite cybercriminals’ clear capabilities to disable and disrupt these intrinsic aspects of companies’ work. As cybercriminal gangs and ransomware groups grow ever more prevalent in the UK, it points towards a clearer need for cybersecurity legislation and standards of practice as opposed to a code of suggested actions. Only then can British businesses hope to stand a chance against the latest wave of cybercrime.
This legislation needs to be comprehensive but naturally must be achievable for British companies irrespective of size or function. To execute this, the government should look towards the industry’s experts to source opinions, insight and suggestions for how modern cybersecurity legislation could look and how it can help keep businesses and their employees safe from harm.
Barry O’Connell is general manager, EMEA, at Trustwave.
The post Cybersecurity must be a priority if the UK is serious about digitising the economy appeared first on UKTN.
