14 DAY TRIAL // As you already know, most security problems come from people ignoring some things that shouldn't be ignored. More than that, a lot of users and companies don't care about cyber-security because they see the same attitude in people around them. It's like a vicious circle of some sort - but someone needs to break it, to set an example. I would normally expect all people to take attitude regarding any type of security, not just the state. Companies should follow next and then individual users. That's what I would expect? and especially when talking about a great country like the UK. When I hear that Samoa has cyber-security problems, I'm not surprised, but the fact that the United Kingdom doesn't treat security right is really concerning.
The European Commission has given 34 directives concerning data protection some time ago. The UK tried to comply, but unfortunately, their Data Protection Act doesn't properly implement 11 out of the 34 directives, as the IT Compliance Institute informs.
As the same authority states, the directives that were not implemented as they should have been include (but are not limited to): definitions, the right of individuals to seek remedies in cases of breaches, the liabilities of organizations that suffer breaches, as well as the transfer of data outside the EU. So, basically, how do you expect to properly enforce cyber-security, and further more protect data, when the law doesn't help you enough?
However, no matter how well these laws are implemented, companies, as well as individuals should know that security lies more on their shoulders than on anyone else's. No matter what laws a government issues, they can't help you if you get a virus from the wild. This is why I'm always yapping about how important it is to have security software properly deployed on computers!