Cyber security: striking a difficult balance

Governments alone cannot solve the IT security challenge. The IT industry, and business community need to take action too.

Inside the enterprise: If defence of the realm is the first duty of government, then when it comes to cyber threats, the UK should be ahead of the game.

Over the last few years, the UK government and its agencies have invested significantly in stepping up cybersecurity protection, even devoting a significant share of a declining military budget to cyber measures.

Maybe now is the time for the IT industry to show what it is doing to put its cyber-security house in order.

Business advice, too, has been at the centre of this more hands-on approach, with a range of measures drafted to help businesses improve their own cybersecurity posture. This is one area, at least, where we really are "all in it together".

Advertisement - Article continues below
Advertisement - Article continues below

By the Government's own estimates, 93 per cent of large companies, and 87 per cent of SMEs, have suffered a cyber breach over the last year with a cost ranging from 450,000 to 850,000 for breaches at large enterprises.

Aside from direct involvement in countering the cyber threat, such as the 650m committed to cyber protection in 2010's Strategic Defence and Security Review, the focus has been on improving collaboration between Government, and its security agencies, and business.

This has, for example, led to a more overt role for GCHQ, including an extension of the Cheltenham-led CESG CCP certification scheme to private sector candidates. Previously, this certification was limited to civil servants, the military, and of course, the spooks.

This is generally beneficial: smaller firms, in particular, should benefit from free and generally high-quality advice. But the government needs to strike a balance between supporting business, and dictating to them how to protect themselves. This balance is especially difficult in areas of critical national infrastructure (CNI), where companies deliver services that everyone in the country depends on.

The latest move by the UK Government is its policy paper, Cyber security skills: business perspectives and government's next steps, published earlier this month.

This latest paper includes a proposed, new cyber-security curriculum for 11 to 14 year olds, and more support around cyber security for the university sector. A large part of the Government's overall strategy, according to ministers, is to improve the UK's "cross- cutting knowledge, skills and capability" the country needs to improve cyber security protection.

Advertisement - Article continues below

This, the Government admits, is a challenge. Barriers range from a low take-up of STEM (science, engineering, technology and maths) subjects in school and a lack of awareness of cybersecurity careers, to a need to improve broader understanding of cyber risks. This includes continuing to raise awareness among company boards.

Again, addressing these issues is a laudable aim and the UK has made real progress in improving both awareness and the level of security skills, and the overall standard of defence over the last few years.

But there is a risk that well-meaning initiatives turn into overly prescriptive measures.

There is a plethora of security certifications in the profession already, and some industry figures question whether more are needed, especially certifications that lean heavily on public sector practice. And new laws coming up, such as the EU's Data Protection Regulation, could go further in telling companies how to protect their systems.

Advertisement - Article continues below

Government action so far has been useful, and should be welcomed. But maybe now is the time for the IT industry to show what it is doing to put its cyber-security house in order.

Stephen Pritchard is contributing editor at IT Pro.

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now


Policy & legislation

Ofcom handed remit to police Silicon Valley giants

12 Feb 2020

Amazon will pass on 2% digital tax to sellers

16 Jan 2020
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

cloud computing

Google Cloud snaps up multi-cloud analytics platform for $2.6bn

13 Feb 2020

How to use Chromecast without Wi-Fi

5 Feb 2020
Microsoft Azure

Microsoft Azure is a testament to Satya Nadella’s strategic nouse

14 Feb 2020
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020