Cyber security: striking a difficult balance

Governments alone cannot solve the IT security challenge. The IT industry, and business community need to take action too.

Inside the enterprise: If defence of the realm is the first duty of government, then when it comes to cyber threats, the UK should be ahead of the game.

Over the last few years, the UK government and its agencies have invested significantly in stepping up cybersecurity protection, even devoting a significant share of a declining military budget to cyber measures.

Advertisement - Article continues below

Maybe now is the time for the IT industry to show what it is doing to put its cyber-security house in order.

Business advice, too, has been at the centre of this more hands-on approach, with a range of measures drafted to help businesses improve their own cybersecurity posture. This is one area, at least, where we really are "all in it together".

By the Government's own estimates, 93 per cent of large companies, and 87 per cent of SMEs, have suffered a cyber breach over the last year with a cost ranging from 450,000 to 850,000 for breaches at large enterprises.

Aside from direct involvement in countering the cyber threat, such as the 650m committed to cyber protection in 2010's Strategic Defence and Security Review, the focus has been on improving collaboration between Government, and its security agencies, and business.

Advertisement - Article continues below

This has, for example, led to a more overt role for GCHQ, including an extension of the Cheltenham-led CESG CCP certification scheme to private sector candidates. Previously, this certification was limited to civil servants, the military, and of course, the spooks.

Advertisement - Article continues below

This is generally beneficial: smaller firms, in particular, should benefit from free and generally high-quality advice. But the government needs to strike a balance between supporting business, and dictating to them how to protect themselves. This balance is especially difficult in areas of critical national infrastructure (CNI), where companies deliver services that everyone in the country depends on.

The latest move by the UK Government is its policy paper, Cyber security skills: business perspectives and government's next steps, published earlier this month.

This latest paper includes a proposed, new cyber-security curriculum for 11 to 14 year olds, and more support around cyber security for the university sector. A large part of the Government's overall strategy, according to ministers, is to improve the UK's "cross- cutting knowledge, skills and capability" the country needs to improve cyber security protection.

This, the Government admits, is a challenge. Barriers range from a low take-up of STEM (science, engineering, technology and maths) subjects in school and a lack of awareness of cybersecurity careers, to a need to improve broader understanding of cyber risks. This includes continuing to raise awareness among company boards.

Advertisement - Article continues below

Again, addressing these issues is a laudable aim and the UK has made real progress in improving both awareness and the level of security skills, and the overall standard of defence over the last few years.

But there is a risk that well-meaning initiatives turn into overly prescriptive measures.

There is a plethora of security certifications in the profession already, and some industry figures question whether more are needed, especially certifications that lean heavily on public sector practice. And new laws coming up, such as the EU's Data Protection Regulation, could go further in telling companies how to protect their systems.

Government action so far has been useful, and should be welcomed. But maybe now is the time for the IT industry to show what it is doing to put its cyber-security house in order.

Stephen Pritchard is contributing editor at IT Pro.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now



10 quick tips to identifying phishing emails

16 Mar 2020
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
Policy & legislation

Ofcom handed remit to police Silicon Valley giants

12 Feb 2020

Amazon will pass on 2% digital tax to sellers

16 Jan 2020

Most Popular

cyber security

40% of password managers duped by a fake Google app

17 Mar 2020
operating systems

How to speed up Windows 10

4 Mar 2020
Mobile Phones

Apple limiting iPhone sales to two devices due to supply shortages

20 Mar 2020
Microsoft Office

Microsoft Teams surpasses 44 million users after remote working surge

20 Mar 2020