Logo
Print this page
Save to disk

CBI calls for greater focus on web security

01 Mar 2007, Tom Young, Computing

http://www.computing.co.uk/ctg/analysis/1862902/cbi-calls-focus-web-security

Picture of John Meakin

Employers’ body the CBI is calling for a national strategy to clarify where responsibility for internet security lies.

There are few clear regulations governing online retailers’ liability in protecting their
customers from attacks such as phishing and identity theft.How far businesses could or should take responsibility forcustomers’ security problems is still an open question.

But apportioning blame for security issues needs to be done carefully, and an overarching strategy would be more effective than prescriptive regulations, CBI head of e-business Jeremy Beale told the House of Lords Science and Technology Sub-Committee last week.

‘We need a national information security strategy, where educational and training programmes are linked to enforcement capabilities,’ said Beale. ‘There is mutual responsibility, and a clearer framework needs to be formed for where responsibility lies for different actions along the chain.'

‘Regulations tend to be for a certain set of technologies, which can change quickly, so rather than trying to find a silver bullet we need a co-ordinated national strategy,’ said Beale.

Security concerns are having a considerable impact on customer behaviour. A recent survey by awareness portal Get Safe Online found that 17 per cent of active web users have decided not to use the internet anymore because of a bad experience.

Customer trust is a strategic priority for online payment service PayPal, head of security Michael Barrett told the committee.

‘The issue is that customers that have had their security compromised find it so wholly repugnant, like being burgled, that they do not want to use the internet again, and who can blame them?’ he said.

Businesses such as PayPal refund their customers for any losses they incur, even though the firm is rarely responsible.

‘We never send emails to customers, and we tell them that,’ said Barrett.

‘Our negligence has not led directly to their losses, but obviously we must bear some of the responsibility,’ he said.

Firms cannot solve the problem on their own, says Garreth Griffith, head of trust and safety at online marketplace eBay.

‘Law enforcement, industry and individuals all have responsibility,’ said Griffith. ‘Partnership and education are crucial, one entity standing alone cannot make a significant impact.’

Sharing responsibility maybe fair. But the danger is that no one is left accountable.

‘If I lose my eBay or PayPal account details [to a criminal], it is no consolation to me that everyone is responsible – I need somebody specific to go for,’ said sub-committee member Lord Young of Graffham.

What do you think? Email us at feedback@computing.co.uk

Further Reading:

UK security found wanting

Corporate governance - Special report

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093