Wary of cyber security laws, UK eyes softly-softly approach
However, Britain believes obligatory reporting risks having the opposite effect and becoming a "perverse incentive" that would prompt directors to actually turn a blind eye to online breaches in order to escape unwanted publicity.
Even when companies did reveal such attacks, company directors would be likely to say as little as possible about such incidents, the official said.
Mandatory reporting "would be positively harmful from the point of view of getting people to share information," he said.
In a related move, the government said on Monday it would extend a pilot scheme under which 160 firms in the defence, finance, pharmaceuticals, energy and telecommunications sectors shared information about cyber attacks confidentially.
Alan Calder, head of British cyber consultancy IT Governance, questioned the government's approach, saying the U.S. model of mandatory reporting was a good discipline for directors.
"Being forced to disclose information would be a very good thing, it would put a lot of pressure on companies," he said.