The severity of the UK Electoral Commission suffering a cyber breach has led one analyst to call the incident ‘highly disturbing’, and one that raises many questions about the cyber governance of the UK’s independent and public bodies and the technical advice they are given

David Bicknell, Principal Analyst, Thematic Intelligence at GlobalData, said: “This suggests cybersecurity was either not regarded as a high-enough priority at the Commission or that mistakes were made. Which organisation advised the Commission on its cybersecurity protection measures?

“Given the sensitive nature of its work, overseeing elections and regulating political finance, the Commission should have had the highest cybersecurity measures in place. Did the National Cyber Security Centre scrutinise them? And if not, why not? Are other public bodies similarly insufficiently cyber-protected? One would have to assume so.

“There is also concern over the time it took for this breach to be disclosed. The breach was identified in October 2022, and the Information Commissioner was notified within 72 hours. But it has taken 10 months to inform the public of the breach. This is far too much of a delay. There is a risk that some organisations could regard 10 months as an acceptable timeframe and the going rate for public disclosure.”

Image by Leopictures from Pixabay