"Don't hold us liable for breaches", industry tells MPs
By Rene Millman,
Holding security vendors liable to breaches suffered by customers would be very difficult, according to experts within the industry.
Following the publication of a report by the House of Lords' Science and Technology Committee, reported by IT PRO last week, MPs said that if individual users are to be protected from threats then the IT industry must do more to protect customers. One of its recommendations was to make vendors liable for security breaches.
But Greg Day, security analyst at anti-virus company McAfee said that it was up to businesses to ensure that security products were correctly configured.
"It would be very difficult to hold vendors responsible for breaches, as it really comes down to how solutions are implemented. You would have to ask, 'Did they have it configured correctly, updated and maintained?'" said Day. "Every business has different IT security requirements depending on their business and IT footprint. A security vendor supplies businesses with the tools, but it is down the business to use them correctly."
IT security company Symantec was also cold on the idea of making it, and others in the industry, liable for breaches. Ilias Chantzos, senior principal government relations analyst at the company said that such an approach does not take into account the complexity of the IT industry. He suggested alternative legislation to lawbreakers.
"The introduction of new legislation should deal with malicious behaviour, such as the buying and selling of botnets," said Chantzos. "An approach along the line suggested in the report on the issue of liability could result in the opposite effect and risk reducing consumer choice and end users' security and privacy."
Geoff Haggart, EMEA senior vice president of web filtering company Websense said that both the government and business must accept a duty to protect the public if confidence in the internet is to be maintained.
"A central system for the reporting of e-crime should definitely be considered. In addition, the US companies are legally bound to notify their customers if their data has been breached - yet currently the British public is protected by no such legislation. Their should be greater debate about the value of implanting similar laws here," said Haggart.
He said the report would "spur the security vendor community to greater efforts to protect consumers from security threats".
advertisement
Latest Security Features
How to be a successful online fraudster
Ever wanted to know how easy it is to be an identity thief and earn a fortune? IT PRO reveals all…
- What you need to know about ID cards
- Lessons to learn from a year of data breaches
- Q&A: DNS inventor Paul Mockapetris
- Is the password ill-equipped for the modern world?
- Why is backing up given short shrift?
- Defending Europe against cyber attack
- The present and future of IT security
- I’m an IT manager, get me out of here!
- IT around the world: Russia
Latest Security Reviews
Fortinet FortiGate-3810A
Rating: 
- Clearswift MIMEsweeper Web Appliance ENW
- NetASQ U6000 UTM appliance
- AVG Internet Security SBS Edition 8.0
- Finjan Vital Security Web Appliance NG-6000S
- LogLogic MX2010
- Exclusive: WatchGuard Firebox Core X750e
- Sophos ES4000 Security Appliance
- Microsoft Forefront Security for Exchange and SharePoint
- EXCLUSIVE: Juniper Networks SSG 550 UTM appliance
advertisement
Latest News Videos in Security
Video: Eugene Kaspersky outlines security threats
PlayIT PRO speaks to Eugene Kaspersky, chief executive and founder of Kaspersky Lab.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?