We're still waiting for UK government to get strategic about cybersecurity

Government investment in cybersecurity is great, but what matters is where the money goes

The Queen has opened the new British National Cyber Security Centre (NCSC), and chief executive Ciaran Martin insisted it's the "perfect place to coordinate our cybersecurity and manage incidents across the UK".

He also said that "initiatives will disappoint" and "things will go wrong" which pretty much sums up the UK government's cybersecurity strategy thus far. Which you may think is an odd statement, given that Chancellor of the Exchequer, Philip Hammond MP, stated at the NCSC opening that it will cement our position as a "world leader in cybersecurity". This, frankly, is an odd statement.

Show us the money

Hammond also insisted that "Britain is transforming its capabilities in cyber defence and deterrence", which is good to know. Unfortunately, the government has been saying this for years but not actually doing much to any great effect.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Hammond's predecessor, George Osborne, was also good at talking about cybersecurity. In a 2015 speech announcing 1.9 billion of cybersecurity spending over five years, Osborne mentioned the word 'cyber' 134 times in 45 minutes. Given that there are only three years left of Osborne's original spending timeline, and the current government has made little by way of firm strategic commitments, it's worrying to say the least.

Show us the strategy

Forget 'world leader'; Parliament's Public Accounts Committee chair, Meg Hillier, said that Britain is ranked below Brazil, China and South Africa when it comes to securing smartphones and laptops. This is hardly surprising when the committee report says the government has "little oversight of the costs and performance of government information assurance projects and processes".

The big picture, the strategic problem, is that the government effectively does not have a consistent approach to security breaches and so is unable to make informed decisions when it comes to prioritising resources both financial and hands-on.

Addressing the skills shortage is a start

All that said, there are some promising moves coming from the government. These include initiatives such as GCHQ's CyberFirst programme, which offers the best graduates financial support through bursaries and employment placements which can help them get the hands-on experience needed to properly skill the UK cybersecurity sector.

Advertisement - Article continues below

Beyond that and the opening of the NCSC, the National Cyber Security Strategy (NCSS) seems to be treading water somewhat. It's asked security companies, two years on, to put forward ideas as to how the UK can become cyber secure. It's asking for submissions on such things as what threats we face (yes, seriously) and how the government can combat them (ditto).

Looking for leadership

Should we be that surprised at this apparent discordant response to the cybersecurity threat? If you look to the average enterprise and how cybersecurity is rarely a strategic, business process-led, boardroom level discussion, then the answer is: well no, not really.

That so many C-suite directors do not understand the threats they face when it comes to cyber attack, let alone how to approach defending the organisation, now is the time for the government to grasp the nettle and show some leadership. There are three years of the five-year strategy left, and time is fast running out for the UK government to finally decide what that strategy actually is...

Picture: Bigstock

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Recommended

Visit/strategy/29101/six-ways-boards-can-step-up-support-for-cyber-security
Business strategy

Six ways boards can step up support for cyber security

27 Jan 2020
Visit/business-strategy/chief-information-officer-cio/354564/cios-are-taking-their-seat-at-the-boardroom
chief information officer (CIO)

CIOs are taking their seat at the boardroom table

17 Jan 2020
Visit/strategy/28223/cio-job-description-what-does-a-cio-do
Business strategy

CIO job description: What does a CIO do?

7 Jan 2020
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Most Popular

Visit/cloud/cloud-computing/354767/google-cloud-snaps-up-multi-cloud-analytics-platform-for-26bn
cloud computing

Google Cloud snaps up multi-cloud analytics platform for $2.6bn

13 Feb 2020
Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/cloud/microsoft-azure/354771/microsoft-azure-is-a-testament-to-satya-nadellas-strategic-nouse
Microsoft Azure

Microsoft Azure is a testament to Satya Nadella’s strategic nouse

14 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020