Government to use levers to exert pressure on businesses and organisations to manage their cyber risks.
The National Cyber Security Strategy Report 2016 was published yesterday. The report says that the government intends to use various levers, such as the General Data Protection Regulation (GDPR), insurers, regulators and investors, to exert influence on businesses and organisations to ensure they manage cyber risk.
The increasing cyber security threats
“We regularly see attempts by states and state-sponsored groups to penetrate UK networks for political, diplomatic, technological, commercial and strategic advantage, with a principal focus on the government, defence, finance, energy and telecommunications sectors”
The report highlights the growing threats from various sources, including state-sponsored threats, terrorists, hacktivists, insider threats and “script kiddies”. It gives three recent case studies (TalkTalk, an attack on the Bangladesh Bank SWIFT system and the Ukraine power grid attack) to illustrate that these were not sophisticated attacks and may have been preventable if cyber risk had been managed effectively:
“…Cyber attacks are not necessarily sophisticated or inevitable and are the result of exploited – but easily rectifiable and, often, preventable – vulnerabilities…”
“…in most cases it continues to be the vulnerability of the victim rather than the ingenuity of the attacker, that is the deciding factor in the success of a cyber attack”
The report introduces the objectives of Defend, Deter and Develop as the government's response to this. The government has set aside £1.9bn of funding for the implementation of the new strategy by 2020.
How government intends to influence companies to manage cyber risk
The government states that it will make use of available levers, including the forthcoming GDPR, to drive up standards of cyber security across the economy and industry and, if required, through regulation.
“Businesses and organisations must also understand that, if they are a victim of a cyber attack, they are liable for the consequences”
The report says that the government will work through organisations such as insurers, regulators and investors, which it believes can exert influence over companies to ensure they manage cyber risk.
“it is the responsibility of organisations and company management, in both the public and private sector, to ensure their networks are secure and to exercise incident response plan”
First steps to manage cyber risk: Cyber Essentials
The report ends by highlighting Cyber Essentials as a good basic step to take. It says:
“properly implementing the Cyber Essentials Scheme will protect against the vast majority of common internet threats”