Prem Kamath believes cyber security breaches in the UAE may be more common than business owners and consumers think because not all of them get publicly reported.
The cyber law consultant and managing partner of Rad & Partners legal consultancy in Dubai talks about what he thinks should be done to boost protection.
How are laws regarding cyber security unique from many others in the legal system?
Cyber law is different for the reason it involves a bit of technology fused with law. Technology changes tomorrow. Law cannot be changed everyday like technology. This is the most difficult part. By the time you bring a law for one [issue], you are 200 metres away from it and you have 400 new [issues] already lined up. You can't have closed provisions. You have to have broad definitions without specifying this section is for credit card fraud, this section is for data fraud.
Do you think if there was more public reporting of these issues there would be a broadening of the law?
Exactly. More reporting of the issues will make the government aware of the pitfalls in the law. No law is perfect. It has to grow, develop and imbibe all those gaps, loops and holes which need to be filled.
In other parts of the world, governments have legislated rules requiring companies to publicly disclose security breaches. Do you think a similar tactic should be used here?
The UAE does need a strategic cyber security policy. That would be something that gives you points as a corporate [or business] that you are bound to adhere to with regard to your cyber security. The UAE does have the best infrastructure and technology. But the point is that with the technology you need a strong backup of law.
One of the things that seems to be a challenge, though, is businesses would have to admit they've done something wrong if security breaches were made public.
None of the banks will bring it out in the open because they'd certainly not like it to be splashed in the news. All [their customers would] get scared: "How safe are we? Our accounts and money are in that bank." But the point is banks are being hit, banks are facing a lot of intrusions. Why does each bank have such a huge department on the data collection and fraud department?
So what's the upshot on data breaches?
The point is if they [want] to curb it, it needs to be reported. The negative is the bank might lose some of its credibility, but on the positive side, people will become aware that cyber crimes are on the rise and need to be more alert with their online banking, phone banking and credit card. Cyber crime goes on because people are confident they cannot be traced - the anonymity. That's the best mask of committing a crime.