Mr. Brian Honan:

Yes, there are various things like that. I come back to one of the comments made by the Deputy, which was that users are the weakest link. I would argue that should not be the case. I am giving a talk next week at a conference in Croatia and I am going to use the analogy of the car industry and how, over the years, it became more and more regulated. The car manufacturers did not put airbags or seatbelts into cars for the good of our health but because they were forced to by regulation and because Governments got worried about the cost to the economy of the road deaths and accidents that were happening. We have now built into our automobile environment better roads and better cars, which has been driven by regulation and design, and drivers have to be trained. My son is currently preparing for his driving test. When I did my driving test, I did not have to have any lessons whereas he will need a minimum of 12 lessons. We are improving those things. However, we do not have the same level of architecture and design throughout the whole IT and cybersecurity ecosystem.

My argument is this: if somebody clicks on an attachment in an email, why is he or she the one getting the blame for all the security defences that did not stop an email getting in there in the first place? If I crash my car, I may have gone over a white line, been speeding or tried to run a red light, and that is the human factor, but the car is designed to protect me and others if I make those mistakes. That is the way we should be looking at our infrastructure from an IT and cyber point of view. We need to protect people from making mistakes and not rely on the person at the end to not click on the attachment. Email was designed to share links and attachments, so it is kind of counterintuitive.