Source: National Cyber Security News
Cybersecurity is constantly in the headlines for all the wrong reasons.
Earlier this month, we heard that all 200 UK NHS Trusts that have been assessed so far failed to meet the standards of the government-backed Cyber Essentials Plus scheme. Some of them even failed on patching, which was the vulnerability that led to the WannaCry ransomware attack. They clearly haven’t learned the lessons from an event which caused massive disruption across the health service, with operations postponed and appointments cancelled.
You would think that, if public sector organisations can’t even manage basic security hygiene such as patching, there would be consequences for those running them. However, while the forthcoming GDPR is bringing in new requirements for the protection of personal data, the large fines (€20m or 4% of global revenue) for a privacy breach will apply to the organisations concerned and will not affect their leaders.
After the TalkTalk cyberattack, its then chief executive Dido Harding may have had her cash bonus halved, from £432,000 to £220,000, but she was still paid a total of £2.81M in 2015, despite the personal and financial details of tens of thousands of customers disappearing into the ether.