Re-defining UK cyber strategy
Cybercrime is a growing industry that, if it were a country, would be the world’s third largest economy1. The global risk over the five years from 2019 was projected to be $5.2 trillion2, and the rise of hybrid work has only exacerbated the threat.
The UK National Cyber Strategy, published in 20163, powered a new era of innovation for the industry. It saw the establishment of the National Cyber Security Centre (NCSC), as well as Government-funded accelerators like Plexal Cyber, and clusters of cyber innovation all around the country.
But this was a strategy created for a very different landscape to the one we see today.
Businesses now hold their data across a more distributed landscape. This has created a rich environment for threat actors to4 exploit individuals who lack cyber awareness, or whose home networks and devices are less secure.
Cybersecurity was once viewed as something that impacts economic development, it is now a part of the economic ecosystem itself, with these firms contributing almost £9 billion to the UK.
It is therefore timely that the strategy has been refreshed for 20225, with a vision that takes the UK cyber industry through to the end of this decade. It shares how the Government aims to pioneer a secure future for the whole of the UK: to ensure that we can be confident, capable and resilient in this fast-moving digital world.
But while the strategy is a vision of where the UK wants to be, the action plan must come from those with a voice and a stake in the day-to-day operating of UK infrastructure and enterprise.
Learning lessons and measuring progress
The period since 2016 has been a coming-of-age moment for UK cyber. Today, there’s an increased awareness of the importance of cybersecurity. More than three-quarters of businesses say cybersecurity is a high priority6 for their directors or senior managers, compared to just over two-thirds five years earlier.
What they are perhaps unsure of, is how to create a strategy that helps them to understand and address threats in all their forms, today and in the future. This is where a new strategy can play its part.
The sector itself has also seen significant growth with almost 1500 registered active firms within the UK providing cybersecurity products and services, a 75% rise since 2017/187. Where cybersecurity was once viewed as something that impacts economic development, it is now a part of the economic ecosystem itself, with these firms contributing almost £9 billion to the UK.
There is also an increased international challenge to address, particularly for multi-national corporations who operate in competing political environments, and must align to the diverse privacy expectations and regulations of each country they operate in.
This is where there is a need for the public sector to take a more hands-on role, with the predominant focus of Government having been on Critical National Infrastructure rather than enterprise.
A tandem approach to addressing cybercrime between the public and private sectors will pave the way for better innovation and in turn, economic growth. By aligning to Government strategy, organisations will have more freedom to innovate, with the right solutions in place for their business that balance security needs with space for creativity in their teams.
Successful cyber-resilience requires co-operation
Cybersecurity successfully integrated into business strategy is a balance of risk and reward. By taking no risks, organisations will reduce the chances of being attacked. But without the freedom to innovate, their growth is limited and in the event their defences are breached, they will face the same challenges in recovery as any other.
That is why Dell Technologies and Intel advocate for an approach of resilience as well as resistance8. As or perhaps even more important than the security measures you take are the strategies you have in place to recover critical data and get your business operational again.
There is also a need for cybersecurity leaders and indeed, regulation, to look beyond existing threats
The National Cyber Strategy highlights resilience is crucial to the UK’s security. It demonstrates the wider societal and economic impact of cybersecurity, aiming to build trust between Government and business. By aligning to business priorities, leaders will be more likely to put their faith in recovery solutions and not give into financial ransomware demands, simply to get their organisations back up and running9.
There is also a need for cybersecurity leaders and indeed, regulation, to look beyond existing threats. While solutions continue to advance, so do cybercriminals. Successful mitigation requires creative thinking that considers the potential threats of the future, as well as those we know of already.
This again requires a more active role from Government. By co-operating with international partners, legislators can identify new and emerging threats and respond with the required regulation.
Fostering an inclusive cyber community
If creativity is required to adequately respond to threats, then the industry needs to become more representative and inclusive.
This is starting to happen. Figures show a rise of women in the UK cyber sector – around 36% in a 2021 NCSC report10, 5% up on the previous year – and that the percentage of employees from ethnic minority backgrounds and with disabilities, are broadly in line with the general population.
But while diversity is improving, there are still challenges of inclusion with more than double the number of women than men, and 40% of Black employees compared to 24% of white, stating they have faced barriers to career progression.
There is also room for further progress is in the distribution of jobs and skills, with London and the South East home to 45% of sector employment and 85% of external investment11. For the sector to thrive and for all parts of the UK to be protected, we need to level up and invest across the country.
And while it is important to strengthen existing cyber clusters and educational facilities, we need to ensure opportunities into cyber are easily accessible. One route could be through financial incentives for cyber companies to take on apprentices from more diverse demographic backgrounds.
Making Progress
At Dell Technologies and Intel, we believe that technology does not evolve for the sake of it. Its purpose is to drive human progress. And it has to be for everyone.
This is easy to lose sight of when the business cost of a cyber breach is so high. But if human progress is not built into cyber strategies and we do not take individuals with us on the journey of technological change, then we cannot fully realise the positive potential of technology.
Having laid the groundwork since 2016, the new UK National Cyber Strategy is a step forward in making the UK a more secure and resilient nation, built to resist and recover from any cyber threat. But we cannot expect this to come together without clear action and collaboration between the public and private sectors, with regulations that have the protection of people at their heart.
……………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………….
References:
1 https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/
2 https://newsroom.accenture.com/news/cybercrime-could-cost-companies-us-5-2-trillion-over-next-five-years-according-to-new-research-from-accenture.htm
3 https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021
4 Customer Stories
5 https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1053023/national-cyber-strategy-amend.pdf
6 https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021/cyber-security-breaches-survey-2021
7 https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/962413/UK_Cyber_Security_Sectoral_Analysis__2021_.pdf
8 Deliver Operational Resilience
9 Forbes article: Most business executives would be willing to pay cyberransoms
10 https://www.ncsc.gov.uk/files/KPMG-and-the-NCSC-Decrypting-Diversity-2021-report.pdf
11 https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/962413/UK_Cyber_Security_Sectoral_Analysis__2021_.pdf
