The government has urged businesses to start to treat cyber crime and digitally enabled fraud as a major strategic threat as it launches a new National Cyber Advisory Board, a group of sector leaders that will meet regularly to discuss live security threats and how to counter them.
With more than 1.6 million people and tens of thousands of businesses falling victim to cyber crime in the UK, senior politician Nadim Zahawi, who will chair the board alongside Lloyds Banking Group chief security officer Sharon Barber, is leading a new drive for businesses to tighten up their security under the auspices of the £2.6bn National Cyber Strategy.
Zahawi, who earlier this year served just 63 days as chancellor of the exchequer before being replaced by Kwasi Kwarteng, who served 38, now occupies the post of chancellor of the Duchy of Lancaster, and as such has become the lead minister for cyber security in the current cabinet.
He said company leaders must start to consider cyber crime as a governance board-level issue requiring a strategic approach if they are to successfully counter security threats. Strengthening security will also help enable Westminster’s economic growth plans, and secure future investment in infrastructure, skills and innovation, he said.
“British business is at the heart of our economy and will form a key part of our ambitious economic growth plans, which will deliver higher wages and greater opportunity for people right across the UK,” said Zahawi.
“One of the building blocks of our plan is the online security of public services and the private sector, because you cannot achieve economic growth without economic security in a digital world.
“We need organisations to do more to boost their cyber defences. It is clear from the number of businesses that have suffered cyber attacks that this is an area of vulnerability. Businesses need to understand that the cyber threat we face is no longer an issue just for company IT departments – it is a board-level problem that must be met with board-level interventions.
“So my message to businesses is clear: work more closely with us on building skills, training and online defences, which will have a positive impact on the successes of your companies and will, in turn, help us deliver our ambitious plan to increase economic prosperity and put more money into people’s pockets.”
The government said it wanted businesses to elevate cyber issues and ensure boards receive regular briefings on threats, have appropriate strategies and incident response plans in place, manage risks in the supply chain, properly train their staff and properly protect their devices.
John Goodacre, professor of computer architectures at the University of Manchester and director of UK Research and Innovation’s (UKRI’s) Digital Security by Design challenge, said: “Addressing the spiralling costs and disruption of cyber crime is a nationally important topic. This announcement from the government is focused on the challenges of today, helping businesses to boost their defences and cyber response.
“The government is also engaged with industry to better balance responsibility across the supply chain, whether through the consumer protections from the PSTI bill, or through technology advancements such as the Digital Security by Design programme, which should block around 70% of the ongoing software vulnerabilities from exploitation by cyber criminals.”
Javvad Malik, lead security awareness advocate at training specialist KnowBe4, added: “Gone are the days when only government departments or large organisations such as banks were targeted by cyber criminals. Today, we see organisations of all sizes and across all verticals being targeted equally. And with the dependency on technology, no one is immune to the impact it causes.
“From that perspective, Zahawi is correct that organisations need to do more to protect themselves from cyber attacks – particularly small or medium ones which may not know where to start from, or feel overwhelmed by the amount of attacks.
“The Cyber Essentials scheme by the NCSC is a good starting point for most organisations. Other than that, it is important to look at the root causes for most of the cyber attacks. These break down into three common themes – social engineering such as phishing, credential compromises, and exploiting unpatched systems. By putting in place controls to address these three root causes, many organisations can avoid becoming victims of cyber crime.”
Meanwhile, in a speech delivered to an audience at Singapore International Cyber Week, cabinet office minister Lucy Neville-Rolfe today spoke of the need for businesses, governments and partners to collaborate to tackle cyber crime, echoing long-established thinking on the issue.
“Billions of pounds are lost each year to cyber criminals who disrupt key public services or vital sectors of the national economy, and it is important that, as a society, we take this threat seriously,” said Neville-Rolfe.
“Only if we build up our cyber resilience right across the country, bolster our offensive and defensive capabilities and business systems, and ensure everyone plays their part in the UK’s cyber future, will we prosper from the opportunities that the online world brings.
“As a leading responsible cyber power, we will also continue to build alliances with democratic partners around the world to protect a free, open and peaceful cyber space.”