Out-Law News 2 min. read

UK government announces £1.9 billion cybersecurity investment


The UK will invest £1.9 billion over the next five years in a cybersecurity strategy that will include automatic defences to protect businesses and citizens, chancellor Philip Hammond has said.

The country's "cyber workforce" will also be increased to improve protection against attacks, Hammond said.

The investment almost doubles the funding of the previous cybersecurity strategy, which began in 2011, Hammond said.

"Cybersecurity is recognised as one of the greatest threats to business around the world, with the global cost of crimes in cyberspace estimated at $445 billion, according to the World Economic Forum’s 2016 Global Risks Report," Hammond's statement said.

Society is vulnerable to cyber-attacks "thanks to the expanding range of connected devices which are creating more opportunities for exploitation; more demand for training and skills; old legacy IT systems used by many organisations in the UK and the readily available suite of user-friendly hacking tools which means everyone from the living room to the boardroom is exposed to malicious hackers", the statement said.

Hammond said: "Britain is already an acknowledged global leader in cybersecurity thanks to our investment of over £860 million in the last parliament, but we must now keep up with the scale and pace of the threats we face. Our new strategy, underpinned by £1.9bn of support over five years and excellent partnerships with industry and academia, will allow us to take even greater steps to defend ourselves in cyberspace and to strike back when we are attacked."

The chancellor also said that chief executives must take responsibility for ensuring that their organisations are secure against cyber-attacks.

The government is setting up a cybersecurity research institute, which it described as a "virtual collection" of universities, and an innovation centre to help cybersecurity-related start up companies.

Cybersecurity expert Ian Birdsey of Pinsent Masons, the law firm behind Out-Law.com, said: "The cyber threat landscape is constantly evolving: ransomware demands are increasing in numbers and cyber-crime more generally is on the rise. Organisations have now realised that no IT systems can be 100% secure, instead what matters is how well they prepare for and respond to a cyber-incident when it arises."

"Due to the evolving cyber threat landscape together with recent legal and regulatory developments, cyber risk has never been higher on the agenda for boards and chief executives," he said.

The government said last month that it is considering whether to introduce new "incentives" to improve the way businesses manage cyber risk. It confirmed that it is "exploring" the issue in a statement issued in response to a report by MPs published in June on the protection of personal data online.

In its report, the Culture, Media and Sport Committee said that chief executives (CEOs) should assume "ultimate responsibility for cybersecurity within a company" but that "day to day responsibility" for cybersecurity should be allocated to another person in the business, such as the chief information officer or head of security.

The Cybersecurity Breaches Survey 2016 revealed that 65% of major UK businesses experienced at least one cyber security breach or attack in the period of the previous year. A quarter of large firms that were victim to breaches experienced such incidents at least once a month, the survey report said.

The report also highlighted that many UK companies lack formal cybersecurity policies and a plan to manage incidents when they occur.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.