The Sunday Times special report on Cybersecurity-2 - Flipbook - Page 1
I N D EPEN D EN T P U B L I C AT I O N BY
R ACONTEUR.NET
# 0 8 74
25/06/2023
CYBERSECURITY &
AUTHENTICATION
02
INSURANCE
Will the spiralling cost of
cyber cover necessitate
government intervention?
04
08
E D U CAT I O N
Why employees from gen Z
are most likely to be the
weak link in your defences
Distributed in
PROCUREMENT
How to select a cybersecurity
partner that won’t overpromise
and underdeliver
REG U L ATION
Contributors
Cyber house rules: how
Brussels is setting an
identification standard
Jon Axworthy
A journalist specialising in
healthcare, science, technology
and the future.
Ben Edwards
A freelance journalist who
specialises in finance, business,
law and technology.
Christine Horton
A long-time contributor to
specialist IT titles, writing about
technology’s impact on business.
Tamlin Magee
A London-based freelance
journalist specialising in
technology and culture.
The EU’s new digital identity framework, EIDAS 2.0, could spur
similar regulatory initiatives elsewhere. While the UK is likely
to take a different path, excessive divergence would not be ideal
Charles Orton-Jones
A former Professional Publishers
Association Business Journalist
of the Year who specialises in
covering fintech and startups.
Ben Edwards
russels has moved to strengthen its
legislative clampdown on cybercrime in recent months by means
of the revamped electronic identification,
authentication and trust services regulation (EIDAS 2.0). This measure is designed
to grant at least 80% of EU citizens a digital
ID wallet by 2030.
The legislation should pass the trialogue
discussions held by the European Commission, Parliament and Council over the next
couple of months, after which a transitional
period will be in place for member states to
set up their own processes for approving
digital wallets.
So says Andrew Bud, founder and CEO
of iProov, a specialist in biometric authentication and ID verification. “In terms of
implementation, we are approaching the
end of the beginning,” he reports.
Significant wrinkles still need to be
ironed out. For starters, some existing (and
successful) national programmes – Italy’s
Sistema Pubblico di identità Digitale, for
instance, which has almost 35 million
active users – fall short of the highest level
of verification assurance required by the
new regulation.
“None of those users would be considered
adequately onboarded, so they would need
to go through that process all over again to
qualify for EIDAS 2.0 identities,” Bud says.
B
Emma Woollacott
While the EU is working to limit such disruption, the task of developing the technical standards required to meet the highest
levels of assurance is not straightforward.
“The underlying standards – W3C verifiable credentials – are evolving, so it is
The brutal reality that
people must understand
is that it’s not if their
identity is going to be
compromised; it’s when
tricky to build upon a moving foundation,”
Bud explains.
This all means that numerous unanswered questions remain about how the
EIDAS 2.0 framework will work in practice.
Neil Slater is regional director, UK and
Ireland, at Veridas, a Spanish firm specialising in biometric ID systems. He believes
that there is “a significant challenge as to
what the commercial model is going to look
like and who is going to be responsible for
the data. There are still many things that
need to be resolved. How will the people
who provide that digital identity be compensated, for instance?”
Despite such uncertainty, most market
watchers believe that EIDAS 2.0 will turn
out to be a game-changer for digital ID
schemes more broadly.
“This will disrupt the way digital identity
is done worldwide,” Bud predicts. “The
European digital identity wallet will be the
first large international scheme to be based
on verifiable credential technology. Until
now, verifiable credentials have been a faroff aspiration for technologists. Adoption
by the EU changes everything. It will lead to
the adoption of this tech elsewhere.”
Westminster is taking a different tack
from that of Brussels by seeking to introduce a framework that gives private sector
providers more leeway in how they develop
solutions, as long as these meet certain
baseline criteria. That’s the view of Will
Richmond-Coggan, a partner specialising
in data privacy at law firm Freeths.
“It will be interesting to see whether the
European approach – a top-down diktat
about exactly what the verification technology needs to comprise – will turn out to be
A business, science and
technology journalist with more
than two decades of experience.
more successful
than the more
flexible approach we
are likely to see from
the UK,” he says.
Richmond-Coggan adds that
the need for a more harmonised set of
global standards will become increasingly
important as more countries develop digital
ID schemes of their own.
“What drives EIDAS 2.0 is the recognition that digital identity verification is
meaningless if it’s not transnational, given
that so much commerce is cross-border in
nature,” he says. “If you are validating
someone’s identity, you need that to be
recognised consistently wherever you are
in the world.”
As the development of digital ID schemes
gathers momentum globally, some analysts
have voiced concerns that a significant
proportion of this work could slip into the
hands of big tech. The fear is that such an
outcome could restrict innovation.
“Control of digital identity data is extremely commercially valuable to platform
operators whose revenues depend on advertising or the monetisation of access to their
platform users,” Bud explains. “The bigger
GOVERNMENT-ISSUED DIGITAL IDENTIT Y VERIFICATION SYSTEMS ARE GENERALLY HIGHLY TRUSTED WORLDWIDE
Would trust
Consumers’ responses when asked about the trustworthiness of digital IDs issued in the following ways
Would not trust
Not sure
Government-issued
87%
7%
6%
Issued by the private sector under government supervision
67%
17%
16%
Issued through a collaboration of some or all stakeholder groups
41%
23%
36%
Issued by the private sector without government supervision
12%
62%
26%
Issued by a non-governmental organisation
12%
49%
39%
Association of Certified Anti-Money Laundering Specialists, Royal United Services Institute, YouGov, 2021
p l aye r s ,
which can
more easily
add identity data
to their collection of
revenue -generating services, will create
barriers to those seeking to develop competitive alternatives.”
To deal with that risk, the EU has been
enacting policies designed to ensure that
innovation and competition continue unimpeded. For instance, the Digital Markets
Act 2022 protects third-party identity
service providers from incurring additional
charges from big tech when accessing
devices to verify users.
The recent advances in generative AI
may also focus minds on the need for wider
digital ID adoption to reduce the risk of
online fraud, Bud notes.
“The ability to create sophisticated fake
images and voices – and, indeed, conversations – has become available to almost
everyone,” he says. “We will soon be unable
to tell the difference between a fake image
and a human being.”
This means that ID verification tech
will need to incorporate so-called liveness
detection systems. These are designed to
ensure there is a real person involved and
not computer-generated imagery.
Past ID initiatives have generally elicited
either resistance or apathy from British
consumers. With this in mind, a public
education programme may soon be appropriate, according to Slater.
“We need to start really educating people
on the benefits of having a digital identity
and explaining that it isn’t one step closer
to giving Big Brother control over our lives,”
he says. “The brutal reality that people
must understand is that it’s not if their
identity is going to be compromised; it’s
when – and that a digital ID can add a significant layer of security.”
Bud believes that the prospects for digital ID are brighter in the UK than they have
been at any time over the past decade, but
he notes that challenges remain. The lack of
a clear approach from policy-makers is a
risk, he says, and the government has yet to
map out how AI, privacy and cybersecurity
regulation will work together.
“Lots of important plates are spinning
just now,” Bud says. “It’s crucial that not
one of them breaks.”
Campaign manager
Alfie Turnell
Reports editor
Ian Deering
Deputy reports editor
James Sutton
Editor
Sarah Vizard
Chief sub-editor
Neil Cole
Sub-editor
Christina Ryder
Commercial content editors
Laura Bithell
Joy Persaud
Associate commercial editor
Phoebe Borwell
Head of production
Justyna O’Connell
Production executive
Sabrina Severino
Design
Harry Lewis-Irlam
Celina Lucey
Colm McDermott
Samuele Motta
Sean Wyatt-Livesley
Illustration
Sara Gelfgren
Kellie Jerrard
Design director
Tim Whitlock
Although this publication is funded through advertising
and sponsorship, all editorial is without bias and sponsored
features are clearly labelled. For an upcoming schedule,
partnership inquiries or feedback, please call +44 (0)20 8616
7400 or e-mail info@raconteur.net. Raconteur is a leading
publisher of special-interest content and research. Its publications and articles cover a wide range of topics, including
business, finance, sustainability, healthcare, lifestyle and
technology. Raconteur special reports are published exclusively in The Times and The Sunday Times as well as online at
raconteur.net. The information contained in this publication
has been obtained from sources the Proprietors believe to
be correct. However, no legal liability can be accepted for any
errors. No part of this publication may be reproduced without the prior consent of the Publisher. © Raconteur Media
raconteur-media
@raconteur
@raconteur.stories
raconteur.net
/cybersecurity-2023