The ever-increasing use of digital technologies means that software resilience is crucial in preventing incidents such as the 2020 SolarWinds attack or the discovery of the Log4j vulnerability. While businesses and organisations have made significant progress in addressing cyber risks, these continue to be a threat to the wider UK economy and the rest of the world.
On 6 February 2023, the Department for Digital, Culture, Media & Sport[i] launched a call for views on software resilience for businesses and organisations.
Kennedys’ cyber and data experts worked alongside our technology arm, Kennedys IQ, to respond to the questions raised in the Government’s survey.
The key points in our response to the call for views included the following:
- Intentional compromises of software code, inadequate incident response and poor supplier management can lead to possible client liabilities, regulator fines or customer attrition, and can therefore have a significant impact on the economy.
- The increasing use of large language models (such as ChatGPT) that can generate long lines of code will inevitably lead to errors and, without sufficient checks, could exacerbate the issue of accidental vulnerabilities in software code.
- Some vulnerabilities in software code are designed to look accidental, which is why developers should always aim to check the rest of the code to find the potential root cause.
- Software is rarely developed or used in one single jurisdiction and, as such, it is necessary to bring in an international perspective. In addition to an appropriate international standard for software development and adoption, the Government should consider approaching other countries to produce international guidance on incident management.
- We believe that it is necessary for the Government to prioritise cybersecurity awareness and literacy among the wider society. Software users should be encouraged to implement measures that will keep their data secure.
- Finally, any suggested measures will only be effective if they are affordable for businesses and developed with industry experts.
Eleanor Stewart, Senior Data Risk Manager, commented:
Legal director / of counsel* promotions
| Name | Division | Region – Office |
| --- | --- | --- |
| Charlene Sim | Insurance | APAC - Singapore |
| Cassie Raman* | Insurance | APAC - Hong Kong |
| Chantel Pang* | Healthcare | APAC - Hong Kong |
| Clara Li* | Commercial | APAC - Hong Kong |
| Ricky Wu* | Healthcare | APAC - Hong Kong |
| Thomas Arleth | Insurance | EMEA - Copenhagen |
| Rishi Sengupta | Insurance | EMEA - Dubai |
| Khalil Mechantaf | Commercial | EMEA - Dubai |
| Mehdi Seadon | Insurance | EMEA - Dubai |
| Catherine Lyons | Insurance | EMEA - Dublin |
| Gearóid Corrigan | Insurance | EMEA - Dublin |
| Mark Dunne | Insurance | EMEA - Dublin |
| Alonso Barreda | Insurance | LATAM - Peru |
| Samantha Williams | Healthcare | UK - Cambridge |
| Tom Spring | Liability | UK - Leeds |
| Emilie Civatte | Commercial | UK - London |
| Adam Osieke | Commercial | UK - London |
| Anya Butler | Insurance | UK - London |
| Philip Kusiak | Insurance | UK - London |
| Alison Chadwick | Insurance | UK - London |
| Graham Gowland | Insurance | UK - London |
| Jennifer Kusiak | Insurance | UK - London |
| Caitlin Gallagher | Insurance | UK - London |
| Suzy Oakley | Insurance | UK - London |
| Tom Osborne | Insurance | UK - London |
| Robert Calnan | Insurance | UK - London |
| Matthew Line | Insurance | UK - London |
| Amber Jenner | Liability | UK - London |
| Carlyn Weale | Commercial | UK - Manchester |
| Arran Roberts | Insurance | UK - Manchester |
| John Lambert | Insurance | UK - Manchester |
| Sarah Mawbey | Insurance | UK - Manchester |
| Steven North | Liability | UK - Manchester |
| Andrew Purdie | Liability | UK - London |
| Ian Ford | Liability | UK - Manchester |