Insights Cyber security: ISPs call for law enforcement and Government to raise their game on cyber security.

Better law enforcement training and coordination of cyber security and support for a Government-backed awareness campaign are two key findings of an ISP cyber security survey carried out by the Internet Services Providers’ Association (ISPA).

ISPA surveyed its members across a range of cyber security areas, including where it sits in their business, the nature and impact of cyber-attacks, the technology used to safeguard networks and the role of end users, Government and law enforcement.

ISPA says that the survey findings demonstrate that cyber security is a rising priority, with senior responsibility within the company as ISPs and customers are subject to regular attacks. ISPs play a proactive role through network protection, customer support and by working with authorities to help mitigate threats.  ISPA says that the Government and law enforcement should “prioritise awareness raising and education, and improve how they deal with reports and coordination of cyber security”.

The survey showed that, with over 90% of ISPs coming under some form of attack, over three quarters of respondents planned to spend more on cyber-security. Responsibility for cyber-security lies with the top layer of management for 93% of respondents and over three quarters said it had become an even more important priority in the last five years.  Cyber is good for business too, with 75% saying they had been asked about cyber security by potential customers.

ISPs are concerned that intrusive powers in the Investigatory Powers Bill will compromise security, and that better enforcement and more prosecutions were more effective than new regulation.

85% of those surveyed said ISPs should take a proactive role in cyber security, with 92% offering free tools and assistance for customers and 100% either have reported or would report breaches, and more than two-thirds sharing information with industry colleagues.

Of the 83% of respondents who reported cyber-crime to the police, only 20% felt reports were consistently followed up by law enforcement agencies and 30% said reports received no response at all. When asked how cyber-crime could be better handled, ISPs said the police needed more funding and better training, better threat information sharing and a new education and public information campaign for end users.

In response to the survey and in consultation with wider industry, ISPA has made the following recommendations:

  • the Government should focus be on education, awareness and work collaboration with industry rather than resorting to legislation;
  • the Government must consider the damage surveillance legislation can have on network security, such as the intrusive hacking powers within the Investigatory Powers Bill;
  • law enforcement should prioritise better training of officers and coordination of cyber security;
  • there needs to be more consistency when an ISP reports a case to law enforcement so that all reports are followed up and investigated to bring criminals to justice; and
  • authorities must do more to reach out to the full breadth of the ISP industry, engaging them in information sharing work and consultation.
  • To read ISPA’s press release in full and for a link to the survey results, click here.

Expertise