Charge Companies for Cyber Security Failures

Companies should be fined if they fail to guard against cyber-attacks, UK MPs have recommended in the wake of last year's TalkTalk hack.

The UK’s Culture, Media and Sport Select Committee inquiry made a number of recommendations, but stopped short of suggesting that criminal proceedings should apply to employees who fail to protect people’s data.

The committee also recommended that CEOs' pay should be linked to effective cyber security; that it should be easier for consumers to get compensation if they are the victim of a hack; and that the Government should conduct a public awareness campaign about online and telephone scams or phishing.  

Companies should also be fined for delays in reporting breaches into their systems. Committee chair Jesse Norman told Sky News: "Our report today I think is a giant wake up call for industry generally because what that showed (the TalkTalk hack) is that even very sophisticated companies in the telecoms area were not invulnerable to attacks." 

In the USA, the Securities and Exchange Commission has required publicly traded companies to inform regulators about cyber-attacks since 2012. 

The Internet service provider TalkTalk, which has around 4 million customers, was hacked in October last year.

The company initially described the attack as "significant", but later said only 157,000 people’s details had been compromised. The financial information, banking sort codes and account numbers, of 15,000 people were stolen. 28,000 people had obscured versions of their debit and credit card details taken. Six arrests have been made, of people all younger than 21. 

The Information Commissioner’s Office (ICO) is conducting its own investigation into the specifics of the TalkTalk attack and data breach.

The select committee complained about the eight-month wait for this report and suggested the ICO was understaffed.

Conservative MP Mr. Norman added: "We don't know the full detail of the attack even now and we've asked TalkTalk to publish as much of the current report that they've done on the attack as possible but it may have been a very simple one." 

Sky:  

« Russian Cyber Gangs Linked To Bank Robberies
False Flags: The Kremlin’s Hidden Hand »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

RedTeam Security

RedTeam Security

RedTeam Security is a provider of Penetration Testing, Social Engineering, Red Teaming and Red Team Training services.

F-Secure

F-Secure

F-Secure defends enterprises and consumers against everything from opportunistic ransomware infections to advanced cyber attacks.

INCIBE-CERT

INCIBE-CERT

INCIBE-CERT is the reference security incident response center for citizens and private law entities in Spain

Secure Decisions

Secure Decisions

Secure Decisions focus on research and product development related to national security including information assurance, computer network defense, cyber security education, and application security.

Smoothwall

Smoothwall

Smoothwall develop intelligent web filtering, Monitoring and security solutions designed to protect users worldwide.

Risk Based Security (RBS)

Risk Based Security (RBS)

Risk Based Security provide the most comprehensive and timely vulnerability intelligence, breach data and risk ratings.

TROOPERS

TROOPERS

TROOPERS InfoSec event consists of two days of high-end training, followed by a two-day, three-track conference, culminating in Roundtables on the final day.

Fiserv

Fiserv

Fiserv offers a wide array of Risk & Compliance solutions to help you prevent losses from fraud and ensure adherence to regulatory and compliance mandates.

Stellar Cyber

Stellar Cyber

Stellar Cyber makes Open XDR, the only comprehensive security platform providing maximum protection of applications and data wherever they reside.

Ministry of Information and Communications (MIC) - Vietnam

Ministry of Information and Communications (MIC) - Vietnam

The Ministry of Information & Communications of Vietnam is the policy making and regulatory body in the field of information technology and national information and and communication infrastructure.

Pelta Cyber Security

Pelta Cyber Security

Pelta Cyber Security is the cyber security consulting and solutions division of Softworld Inc. We provide staffing and recruitment services as well as consulting and solutions for outsourced projects.

Sunartek Labs

Sunartek Labs

Sunartek are equipped with expert resources and advanced technology to identify cyber threats and prevent any breach, bypassing the security network of your organization.

Appknox

Appknox

Appknox is the world’s most powerful plug-and-play security platform that helps developers, security researchers, and enterprises to build a safe and secure mobile ecosystem.

WPScan

WPScan

With WPScan, you'll be the first to know about vulnerabilities affecting your WordPress installation, plugins, and themes.

North Green Security

North Green Security

North Green Security is a UK-based cyber security training and consultancy company.

SafeBase

SafeBase

Safebase provide the infrastructure for Trust Communication. Our Trust Center enables Security and Sales teams to share and automate access to security, compliance, and privacy information.