“We are still seeing an increase in hugely damaging cyber attacks in the UK, but that’s true of every country on the planet. Cyber incidents will continue to have severe negative impact as businesses digitise their operations, but we cannot think of the task of improving cyber resilience as like boiling the ocean. Improvement is possible and taking stock of the UK’s progress on cyber security through reports like this is vital.
“The report correctly highlights poor cyber security hygiene and investment as major contributors to increased cyber incidents. Likewise, it is true that further market intervention is required to help raise the bar to protect the UK economy. However, I do believe that interventions like Cyber Essentials, GDPR and NIS have raised the profile of cyber and data security in the UK, and have improved understanding and investment where they are applicable among businesses.
“Education remains key, which is why the Foundation section of the report is so important. The UK needs to help organisations understand the risks and provide support to allow them to mitigate them, which is a shared responsibility among industry and the government. Market incentives are a powerful way to achieve this, with Cyber Essentials in Government procurement a good demonstration of how it forced suppliers to raise their standards. Capability is also important, bringing forward skills and understanding those needed to help organisations solve key security challenges. This needs to be coupled with investment in training and knowledge in digital and cyber to help educate the UK workforce.