When Ransomware Kills: Should Directors Face Prison for Cyber Negligence?
The Small Business Cyber Security Guy | Cybersecurity for SMB & Startups · 2025-11-17 · 42 min
Episode notes
What happens when business negligence causes serious harm to thousands of people? If a faulty ladder injures someone, directors face prison time. If forty million people have their data stolen due to poor security, they receive a strongly worded letter. In this provocative first episode of our two-part series, Noel and Mauven examine the shocking disparity between health and safety enforcement and cybersecurity regulation in the UK. We compare the HSE's tough approach (prison sentences, director liability, millions in fines) with the ICO's gentle touch (guidance, occasional fines, zero criminal consequences). With 40 million voter records compromised at the Electoral Commission resulting in just a formal reprimand, whilst construction directors regularly face 18-month prison sentences for single workplace accidents, we ask the uncomfortable question: why is cybersecurity enforcement essentially performative? This isn't anti-business rhetoric.