Challenges and Opportunities for business from the Government’s National Cyber Security Strategy 2016 – 2021
At the beginning of November the Government published its strategy for addressing the challenges of Cyber Security over the next 5 years. Whilst a lot of it is, as expected, directed towards what can be done at a Government level, the report also emphasizes the Government’s expectations of what businesses should be doing.
The report quotes some worrying statistics from its Cyber Health Check and Cyber Security Breaches Survey 2016, including:
- less than a fifth of businesses had staff undertake cyber security training in the last year; and
- 65% of large organisations reported they had suffered an information security breach in the past year, and 24% of these experienced a breach at least once a month.
Several vulnerabilities are specifically identified:
- increased connectivity through the Internet of Things;
- poor cyber hygiene and compliance;
- insufficient training and skills; and
- legacy and unpatched systems.
TalkTalk is given as a case study: the incident involved an old, unsupported system acquired as part of its takeover of Tiscali. Whilst TalkTalk is praised for its rapid reporting of the incident, it still reportedly cost the company £60 million, an estimated 95,000 customers and a sharp drop in its share price.
The Government is employing a “stick and carrot” approach. It promises to set aside £1.9 billion over the next five years to help it meet its objectives (including supporting start-ups, investing in innovation, and encouraging cyber security as a career), so there may be opportunities for businesses here. It also points to the provisions of the forthcoming General Data Protection Regulation and raises the possibility of further legislation.