Out-Law News

Government must improve on cyber security practices before businesses likewise engage, says NAO report


The Government must be willing to apply its own advice and guidance on cyber security if it wants businesses to engage with the issue, according to a survey conducted by the UK's public spending watchdog.

The National Audit Office (NAO) said that cyber crime currently costs the UK an estimated £18-27 billion a year and that there were 44 million cyber attacks recorded in the UK in 2011.

In a review of the UK's cyber security strategy (43-page / 673KB PDF), the watchdog offered advice on how the Government could measure the success of its strategy, which was first outlined in 2011. The Government's strategy sought to improve standards of cyber security in the private sector as well as the expertise and collaboration of enforcement bodies.

Its vision for the strategy is "for the UK in 2015 to derive huge economic and social value from a vibrant, resilient and secure cyberspace, where our actions, guided by our core values for liberty, fairness, transparency and the rule of law, enhance prosperity, national security and a strong society".

The NAO interviewed "lead officials, industry representatives, academics and citizens’ groups during July to October 2012 and held a round table with leading cyber academics" and said that the view was that Government had to show leadership in implementing good cyber security practices before businesses would follow suit.

"Interviewees ... stated that the government needed to demonstrate the progress it was making in applying the cyber advice and guidance, it gives to business, to improving the protection of its own systems and data," the NAO report said. "This was considered necessary for government to maintain its leadership role and engagement with business and the public."

The NAO said that the Government would face difficulty in measuring how successful its cyber security strategy would be because of the "conceptual problem that success will be in terms of events not happening". It will also be difficult to establish how much is spent on cyber security since "the majority of spend is classified" and the remainder is "channelled through many different organisations for many different types of activities".

It recommended the setting of "comparators" by Government to enable it to "evaluate performance" against internal "benchmarks" that "define what will constitute success, in terms of outputs and outcomes, and at which points in time", among other steps.

"Progress and success can also be assessed relative to: baseline performance before the intervention or strategy; what is happening in other (similar) countries; and counterfactual scenarios that try to establish what would have happened without the intervention or strategy, perhaps by modelling," it said.
