UK: DCMS publishes policy paper reviewing organisations affected by cybersecurity breaches
The Department for Digital, Culture, Media & Sport ('DCMS') published, on 17 August 2022, its policy paper exploring organisational experiences of cybersecurity breaches. In particular, the paper presents a qualitative study into a range of businesses and organisations that have been affected by cybersecurity breaches. More specifically, the paper aims to help organisations understand the nature and significance of cybersecurity threats, in addition to supporting the Government in shaping future policy in this area. As such, the paper concludes with the following findings, among other things:
- there is a need for ever greater levels of vigilance and investment in cybersecurity, as controls that were previously appropriate are now seen as less effective;
- while medium and large organisations had put in place formal plans and had allocated a budget for further cybersecurity investment, smaller organisations were restricted by resource constraints; and
- while technology remains a useful tool to stay secure, there is a widespread notion that people and culture represent a 'weak spot' for organisations.