And five cybersecurity recommendations for government and law enforcement based on the findings.
The UK Internet Services Provider Association surveyed its membership of over 200 companies on cybersecurity.
It offered ten key findings:
1. Cyber security is a priority for 79% of ISPs surveyed, 77% said spending is increasing and MDs or C-Suite executives are accountable for cyber attacks
2. 92% are subject to cyber attacks on a daily (31%), weekly (23%) or monthly (38%) basis
3. ISPs provide a wide variety of tools and services to protect networks and tools to end users
4. 85% of those surveyed said ISPs should have a proactive role to play in maintaining customer protection and mitigation
5. ISPs take a proactive approach, with 84% of those surveyed having reported incidents and breaches and 92% provide advice and tools
6. ISPs want Government to focus on awareness raising (64%) rather than creating new regulations (18%) to meet the challenges of cyber security
7. Law enforcement should prioritise better training (83%) and coordination with industry (83%), as well as increase funding (58%) and prosecutions (50%)
8. 91% are concerned about Government surveillance measures impacting on network security
9. There is inconsistency with how law enforcement deals with ISP incident reporting
10. While a large number of public bodies are in contact with ISPs who are actively interested in cyber security, a third of ISPs receive little or no contact.
ISPA Chair James Blessing said “Cyber-security is critical, and this survey shows how it has become an even bigger issue for ISPs. The survey also reveals that industry believes Government and law enforcement need to raise their game in tackling cyber crime and need to have a clear plan on how they will be tackling offenders and raising awareness among users.
One question in the survey asked:
What could law enforcement do to improve its handling of cyber crime? (More than 1 choice allowed)
? More funding 58%
? Better training and upskilling 83%
? A more coordinated approach with industry 83%
? Establish a new public body to address the area 16%
? Greater number of prosecutions 50%
? More proactive intelligence 42%
? Publish results of investigations 42%
? Other (please specify) 8%
The ISPA proposed five recommendations to Government:
1. Government should focus on education and awareness and work collaboratively with industry rather than resorting to legislation
2. Government must be mindful of the damage surveillance legislation can have on network security, such as the intrusive hacking powers within the Investigatory Powers Bill
3. Law enforcement should prioritise better training of officers and coordination of cyber security
4. There needs to be more consistency when an ISP reports a case to law enforcement so that all reports are followed up and investigated so that criminals can be brought to justice
5. Authorities must do more to reach out to the full breadth of the ISP industry, engaging them in information sharing work and consultation