Last week, the UK government published a report on the state of cyber security in the soon-to-be non-EU member, and one of the report’s recommendations is that CEOs should have their salaries or bonuses cut when a cyber incident happens that could have been easily avoided.
The UK’s House of Commons Committee on Culture, Media and Sport considers that “a portion of CEO compensation should be linked to effective cyber security.”
In other words, if your company’s cyber-security gets slashed to bits by hackers, so should the CEO’s pay. For example, TalkTalk, a company that exposed the personal details of four million of its customers, also raised its CEO’s pay following the incident.
The company’s profits were down as well, in large part due to the expenses caused by the data breach, which makes you wonder why the board of directors would have ever agreed to raise the CEO’s pay after such abysmal results.
Cyber-security will become a priority when the CEO’s pay depends on it
“The ICO should introduce a series of escalating fines, based on the lack of attention to threats and vulnerabilities which have led to previous breaches,” the report reads. “A data breach facilitated by a ‘plain vanilla’ SQL attack, for example, or continued vulnerabilities and repeated attacks, could thus trigger a significant fine.”
The report is the outcome of the UK Parliament’s investigation into a string of high-profile data breaches that have exposed the personal details of millions of British citizens.
The Parliament wants to force companies to consider cyber-security a must-fix item in their day-to-day operations and believes that by going after the already over-compensated CEOs it will get things on the right track.
Currently, the UK only fines a company £1,000 ($1,300) for each data breach where customer details are exposed. Taking into account that these companies have profits in the billions range, the sum is laughable.