ISPA Awards 2020
Written entry deadline is 27th March!
Click here to find the submission forms

Good to hear @Ofcom set out its approach to regulating to prevent #OnlineHarms - namely that it will be an evolutionary, evidence-based approach. We’d suggest a good starting point is knowing, independently, confidently and proportionality which users are adults and which are not

ISPs call for law enforcement and Government to raise their game on cyber security

Better law enforcement training and coordination of cyber security and support for a Government-backed awareness campaign are two key findings of an ISP cyber security survey carried out by the Internet Services Providers’ Association (ISPA). The report is available here.

Cyber security has risen up the agenda for business, policymakers, Government, law enforcement and users in recent times, yet it has always been a priority for ISPs. ISPA surveyed its members across a range of cyber security areas, including where it sits in their business, the nature and impact of cyber-attacks, the tech used to safeguard networks and the role of end users, Government and law enforcement.

The survey findings demonstrate that cyber security is a rising priority, with senior responsibility within the company as ISPs and customers are subject to regular attacks. ISPs play a proactive role through network protection, customer support and by working with authorities to help mitigate threats. Government and law enforcement should prioritise awareness raising and education, and improve how they deal with reports and coordination of cyber security.

Launching the report and recommendations, ISPA Chair James Blessing said “Cyber-security is critical, and this survey shows how it has become an even bigger issue for ISPs. The survey also reveals that industry believes Government and law enforcement need to raise their game in tackling cyber crime and need to have a clear plan on how they will be tackling offenders and raising awareness among users.

The survey further shows a real belief among ISPA members in a partnership approach with different stakeholders playing their part. This means government, law enforcement, internet companies, individual users, ISPs and businesses all working together to protect networks, follow good cyber hygiene, mitigate threats and bring offenders to justice.”

Cyber security is critical for ISPs

With over 90% of ISPs coming under some form of attack, over three quarters of respondents planned to spend more on cyber-security. Responsibility for cyber-security lies with the top layer of management for 93% of respondents and over three quarters said it had become an even more important priority in the last five years. Cyber is good for business too, with 75% saying they had been asked about cyber security by potential customers.
ISPs are concerned that intrusive powers in the Investigatory Powers Bill will compromise security, and that better enforcement and more prosecutions were more effective than new regulation.

ISPs take a proactive role

85% of those surveyed said ISPs should take a proactive role in cyber security, with 92% offering free tools and assistance for customers and 100% either have reported or would report breaches, and more than two-thirds sharing information with industry colleagues.

Government and law enforcement need to up their game

Law enforcement needs to improve how it handles cyber-crime with a wide gap in reports actually leading to successful investigations. Of the 83% of respondents who reported cyber-crime to the police, only 20% felt reports were consistently followed up and 30% said reports received no response at all. When asked how cyber-crime could be better handled, ISPs said the police needed more funding and better training, better threat information sharing and a new education and public information campaign for end users.

10 key findings

The results from the ISPA members that were surveyed reveal 10 key findings:

1. Cyber-security is an increasing priority for 79% of ISPs surveyed, 77% said spending is increasing and MDs or C-Suite executives are accountable for cyber-attacks
2. 92% are subject to cyber-attacks on a daily (31%), weekly (23%) or monthly (38%) basis
3. ISPs provide a wide variety of tools and services to protect networks and tools to end users
4. 85% of those surveyed said ISPs should have a proactive role to play in maintaining customer protection and mitigation
5. ISPs take a proactive approach, with 84% of those surveyed having reported incidents and breaches and 92% provide advice and tools
6. ISPs want Government to focus on awareness raising (64%) rather than creating new regulations (18%) to meet the challenges of cyber security
7. Law enforcement should prioritise better training (83%) and coordination with industry (83%), as well as increase funding (58) and prosecutions (50%)
8. 91% are concerned about Government surveillance measures impacting on network security
9. There is inconsistency with how law enforcement deals with ISP incident reporting
10. While a large number of public bodies are in contact with ISPs, a third receive little or no contact


In response to the survey and in consultation with wider industry, ISPA has made the following recommendations:

1. Government should focus be on education, awareness and work collaboration with industry rather than resorting to legislation
2. Government must consider the damage surveillance legislation can have on network security, such as the intrusive hacking powers within the Investigatory Powers Bill
3. Law enforcement should prioritise better training of officers and coordination of cyber security
4. There needs to be more consistency when an ISP reports a case to law enforcement so that all reports are followed up and investigated to bring criminals to justice
5. Authorities must do more to reach out to the full breadth of the ISP industry, engaging them in information sharing work and consultation

Close window

A cookie is a snippet of text that is sent from a website's servers and stored on a web browser. The non-essential cookies used on this website are:

Sessions - We set a small PHP session cookie for our cookie notification functionality, this is deleted as soon as you close your browser.

Google Analytics - This allows us to look at really useful data about the visitors we have had to our website.
Cookie details:
To read more about Google's cookies visit

YouTube/Vimeo - If our website cotains videos then some cookies may be used for tracking views etc. These cookies are implimented if you press play though.

WordPress - If we have comments enabled or allow the public to contribute in other ways via default WordPress functionality we will also use some cookies. These are required for the website to function properly.
Cookie details:
To read more about WordPress' cookies visit

Managing Cookies
For information on how to manage your cookie settings please follow the link for your browser:

Close window
It looks like your cookies are switched off. To ensure the best experience whilst visiting our website please consider allowing cookies.

You can find out how to change your settings or more about the cookies we use at the bottom of this page.