"Cybersecurity regulation should be enforced through engagement not punishment"
Translation: all carrot, no stick.
Mobile operators' core cybersecurity spending is projected to more than double by 2030 as threats evolve, while poorly designed and fragmented policy frameworks add extra compliance costs, according to industry group the GSMA. The lobbying organization has pushed out a report calling for national policymakers to simplify …
There's another, more effective, form of engagement -- offering expert assistance and support, preferably prior to rather than merely after incidents (and this is not a "carrot"). Not only are "cyber regs" currently a patchwork -- standards are too. And both almost entirely ignore the non-"cyber" elements of protection, not least realistic business risk assessment and the influence of psychology on both the guides and the guided on the victim side.
If any customer data you hold is accessed by any unauthorised entity, you must notify every customer in every jurisdiction for whom you hold any data for any reason anywhere. This applies to a breach of any entity with any access to any customer data held by you or for you.
How's that? Is that simple enough for you?
'consequential damages' I'm pretty sure you aren't in the USA because, over the last 5 years, every American's information has leaked at least once, so companies offering credit monitoring are just blowing smoke up your ass (especially since some of those leaks have been from hacks of credit monitoring firms).
As it stands, today, I'm sure there are companies that have contemplated ceasing operations in California (despite its large population) and Maine because of reporting requirements. It's nearly a weekly occurrence that a breach letter is sent to the attorney general of the state of Maine, which, when quoted by news agencies, makes the breach appear to be smaller than it really is because they only reported X-thousand "affected individuals" when the actual nation-wide impact is likely to be 50, 100, or 10000 times as many people.
"half of their cybersecurity operations teams are occupied with compliance tasks rather than identifying threats or managing risks."
Well, there's an easy way to fix that, which is entirely within the control of the operators: employ more people doing the threat identification/risk management. It might actually mean that the number (and not just proportion) of teams working on compliance can be reduced.
It's a simple cost bleat. The providers all want zero-liability cost-free ecospheres. The cost to their customers doesn't matter if all of the alternatives are as bad as each other.
Well, it's the same barrier for everyone delivering a service to any given jurisdiction, so the only real problem to watch out for is if a near monopoly has proportionally lower costs than a new entrant.