Julian King, European commissioner for the security union, has told the FT Cyber Security Summit Europe that everyone is responsible for cyber security, but added that if it is not done voluntarily, legislation may be required.
Mr King said that in order to take on the current cyber threat landscape, such as organised cyber crime, subversion of democratic processes and manipulation of opinion, cyber security needs to be urgently redefined.
In a keynote address at the conference, he said: “We need to ensure that cyber security encompasses the full range of cyber security challenges, which are rooted in, or accelerated by technology, otherwise we risk missing a quite important bigger picture, in which elections can be manipulated and vulnerable young people radicalised.”
He explained that these elements are part of the same cyber security continuum, and that in order to tackle them, the private sector will have to undergo a paradigm shift. In addition, the government will have to take action.
Meanwhile, the former director of GCHQ Robert Hannigan has said that it is not impossible to tackle the increasingly sophisticated cyber threats facing the world at present. However, he said, businesses have to look into previously untapped talent pools for new ways of finding cyber defenders.
Mr Hannigan told the conference that one thing he always tells boards is that this is a manageable risk. He said that it is useful to get boards to understand that cyber attackers are typically organised, collaborative and they understand data and how it can be monetised.
He added that the main take aways from this year’s cyber security incidents are that if businesses can get the basics right, they can avoid most of the worst attacks; and that what really differentiates a “serious incident” from a “catastrophe” is the way it is handled.