Following the news that the UK Electoral Commission suffered a cyber breach,

David Bicknell, Principal Analyst, Thematic Intelligence at GlobalData, offers his view:

“This is a highly disturbing breach that raises many questions about the cyber governance of the UK’s independent and public bodies and the technical advice they are given. This suggests cybersecurity was either not regarded as a high-enough priority at the Commission or that mistakes were made. Which organization advised the Commission on its cybersecurity protection measures?

“Given the sensitive nature of its work, overseeing elections and regulating political finance, the Commission should have had the highest cybersecurity measures in place. Did the National Cyber Security Centre scrutinize them? And if not, why not? Are other public bodies similarly insufficiently cyber-protected? One would have to assume so.

“There is also concern over the time it took for this breach to be disclosed. The breach was identified in October 2022, and the Information Commissioner was notified within 72 hours. But it has taken 10 months to inform the public of the breach. This is far too much of a delay. There is a risk that some organizations could regard 10 months as an acceptable timeframe and the going rate for public disclosure.”