The government wants to position the UK as a global leader in cybersecurity and make it one of the safest countries to do business.
These aims were set out in its Cyber Security Export Strategy; a five year plan for the Government to protect businesses and people, deter attackers and develop security skills. The report reads: “Our vision for 2021 is that the UK is secure and resilient to cyber threats, prosperous and confident in the digital world.”
This comes at a crucial time where technological trends are making organisations more vulnerable to a cyber attack. Everything is becoming digital and connected via the internet – from the blockchain to personal identification, which adds to the list of what is hackable.
This connected state also means that users are sharing data across the internet, leaving personal information at risk of exposure – we only have to look to the Cambridge Analytica and Facebook fiasco to be reminded of how much of our personal data is being handled by big companies and third parties.
And more businesses, individuals and governments are being hit. In fact, research from Vanson Bourne revealed that 40% of mid-large UK businesses suffered on average five ransomware attacks in the past year – costing them individually £329,976 per annum.
The results also show that the amount of businesses who suffered from attacks has increased from 48% in 2016 to 56% in 2018 and that the amount of time spent decrypting ransomware attacks has also increased from 33 to 40 man-hours.
Attacks can be devastating to businesses. The WannaCry ransomware attack caused unprecedented disruption to the NHS in 2017, followed by the globally devastating Petya attack, which the UK government later blamed on Russia. From universities to hospitals – no one was safe, and a Lloyd’s 2016 survey found that, in fact, 90% of big businesses have been hit by a major cyber attack.
To try and reduce the amount of attacks in the UK, the government report states that global spend on cybersecurity products is expected to exceed £759bn cumulatively from 2017 to 2021.
This spend has been shaped around smart technology, which is digitising many industries. £0.9bn of the total spend is devoted to the automotive industry: as vehicles get ‘smarter’, cyber threats are rising due to the vulnerability to hacking of the new generation cars.
Money will also be given to the energy sector to secure smart grids and devices, the healthcare industry to protect millions of people’s medical data and life support systems, and ubiquitous travel infrastructure to avoid severe delays to transport.
Despite this spend, the Hiscox Cyber Readiness Report 2017 found that 53% of 3,000 companies surveyed were ill-prepared to deal with a cyber attack. The government’s strategy highlights the needs for training and education in cybersecurity and enforcing new regulation such as the EU’s General Data Protection Regulation (GDPR) to reduce that number.
The government is also partnering with the Department for International Trade to work with other countries as a way to position themselves as top security professionals. This is plausible; Vanson Bourne’s research found that the UK is the most resolute, both in refusing to pay ransom demands, as well as the most effective in combating them. Businesses in the UK experience the fewest number of attacks compared to Germany, France and the USA. The UK also has a 43% success rate in defending against attacks.
With this in mind, the Government’s Cybersecurity strategy discusses the role the UK can play in guiding other nations. To set an example and build a good reputation, the DIT will introduce British security software to buyers across the world; including governments in the USA, the Gulf and South East Asia.
Jason Hart, CTO of Data Protection, Gemalto shared his thoughts on this: “The UK has long been a cybersecurity leader, so it’s great to see some of this expertise being shared with other countries. With much of our world now connected by valuable data, hackers can easily access this data unless everyone gets the basics right when it comes to security.
“Businesses need to be protecting what matters by encrypting the data at its source and restrict access via identity controls. If the UK can help other nations follow these basic security principles then we’ll go some way to better protecting our valuable assets,” he added.
Moving forward, the government does have a role to play in ensuring major attacks don’t devastate crucial security systems. Investment and reputation building, as set out in this strategy report, is key here, as organisations aim to further automate cyber security to limit human error, secure legacy systems and introduce secure by design systems to prevent rather than react.