June 6, 2019

Cybersecurity kitemark should be introduced in UK, say MPs

By Ellen Daniel

MPs have recommended that the UK introduce a new kitemark system to warn people of cybersecurity risks.

The suggestion has been made by the Public Accounts Committee, which has expressed concerns over a lack of awareness of the risks associated with certain devices and websites.

The committee has described the UK as “vulnerable to attack from hostile countries, criminal gangs and individuals” and believes that a kitemark system may help mitigate this.

What is a kitemark?

The kitemark is a UK certification symbol awarded by the British Standards Institution to products that demonstrate high standards in safety after meeting certain requirements.

It is most often used for products where safety is paramount, such as fire extinguishers, plugs and sockets or safety helmets.

In the context of cybersecurity, MPs have said that a similar system could be introduced to indicate how securely a company, device or website stores user data. If a certification system was in place, consumers would be able to make more informed decisions with regards to cybersecurity.

According to computing.co.uk, the committee has said that there is “currently no ‘traffic light’ or kitemark system to inform consumer choice on how cyber secure the products they buy are, unlike recognised standards in other areas such as food safety” and that the government needs to outline “how they plan to measure success in protecting consumers”.

Cybersecurity kitemark: “Regulations continue to lag far behind other industries”

Although a step in the right direction, Wai Man Yau, VP and GM international at Sonatype believes that the proposal is an attempt to play catch-up:

“While the recommendation to introduce a kitemark system got connected devices is a positive move by UK MPs, cybersecurity regulations continue to lag far behind other industries. This proposal is more an attempt to play catch up than anything revolutionary.

“In the UK one in eight software components contain a known vulnerability, meaning cybersecurity flaws are being designed into our connected devices right from the beginning. No other manufacturing industry is permitted to sell products with known defective parts, so it’s surprising that software security has been so poorly regulated to date.

“Kitemarks will be helpful to raise both consumer awareness and industry standards, but to be truly impactful, legislation needs to tackle the root cause of cybersecurity issues: flawed software.”

Read more: International cyber warfare standards needed, says senior US government cyber advisor

Verdict deals analysis methodology

This analysis considers only announced and completed cross border deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: ,