Deloitte: OECD right to call for clarity in cyber security

The OECD has today issued a report into cyber security that calls for a more balanced view of the risk and clarity in the way in which each sub-risk is addressed.

Commenting on the report, Reducing Systemic Cybersecurity Risk, Graeme Matthews, cybersecurity partner at Deloitte, says: “The OECD report is right to take a balanced view of the consequences of cyber incidents. The use of what the report calls ‘exaggerated language’ such as ‘cyber attack’ rolls all activities from recreational hacking to a state-sponsored denial of service together and therefore makes an analysis of the level of activity impossible.

“The success of the internet is due in part to the consensual way in which standards are set and governance is carried out. The underlying infrastructure remains vulnerable to disruption and more secure standards are likely to need compromise between the libertarian values with which the internet has developed and heavier management.”

He added that the issue of online identification of individuals and servers is one area where more rigorous identity management will be needed if fundamental technical security weaknesses are to be addressed.

For critical national infrastructure organisations such as energy and transport, he stresses, there can be a tension between the needs of the company’s shareholders and wider society where costs arise to defend against cyber threats. “In the current climate of austerity, there could be challenges in agreement about who is going to fund many of the necessary preventative measures,” he says. “However, for individuals and organisations, making sure that fundamental security measures are in place remains as important as ever. It is still important to cover all aspects of security including people and buildings.”
