lolloj - Fotolia

UK government re-announces £1.9bn cyber security spend

Five-year spending increase - announced by Chancellor Philip Hammond 12 months after George Osborne did so - will support new UK cyber security strategy

The UK government has announced a £1.9bn increase in spending on cyber security for the second time – 12 months after it was first announced.

The government said the funding was part of its new cyber security strategy unveiled today (1 November 2016).

But the money is not new. In a speech at GCHQ on 17 November last year, then Chancellor, George Osborne, said the government was making cyber security a top priority, and announced exactly the same investment.

“In the spending review, I have made a provision to almost double our investment to protect Britain from cyber attack and develop our sovereign capabilities in cyber space, totalling £1.9bn over five years,” said Osborne at the time.

In a statement released today, current Chancellor Philip Hammond said: “Our new strategy, underpinned by £1.9bn of support over five years and excellent partnerships with industry and academia, will allow us to take even greater steps to defend ourselves in cyber space and to strike back when we are attacked.”

According to the government, the funding will support the development of automated defences to safeguard citizens and businesses against growing cyber threats, will support the UK’s growing cyber security industry, help to develop a world-class cyber workforce and deter cyber attacks.

Read more about cyber security

  • Cyber security must be top of the agenda for business, policy and research, according to a report by The Royal Society.
  • Government announces a £250,000 programme to increase the rate of cyber security startup development in the UK.
  • An essential part of information security is identifying and managing the risks, experts tell the European Information Security Summit 2016.

Ben Gummer, minister for the Cabinet Office and Paymaster General, said: “No longer the stuff of spy thrillers and action movies, cyber attacks are a reality and they are happening now.

“The first duty of the government is to keep the nation safe. Any modern state cannot remain secure and prosperous without securing itself in cyber space. That is why we are taking the decisive action needed to protect our country, our economy and our citizens.”

The new cyber security strategy builds on the previous plan that started in 2011. The aim of the strategy is to make the UK "secure and resilient to cyber threats; prosperous and confident in the digital world". It contains little in the way of new policies or actions, but defines the key objectives and plans to make the UK the safest place to do business in the world, according to Hammond.

"The cyber threat impacts the whole of our society, so we want to make very clear that everyone has a part to play in our national response. It’s why this strategy is an unprecedented exercise in transparency. We can no longer afford to have this discussion behind closed doors," he said, writing in the foreword to the document.

"Ultimately, this is a threat that cannot be completely eliminated. Digital technology works because it is open, and that openness brings with it risk. What we can do is reduce the threat to a level that ensures we remain at the vanguard of the digital revolution."

Strategic outcomes

The strategy outlines three areas, intended to "defend, deter and develop" UK capabilities. Core to delivering the plan is the recent creation of the National Cyber Security Centre to bring all the country's cyber operations under one organisation.

The strategy document highlights 13 "strategic outcomes" the government expects to deliver in the next five years, which are:

1. The UK has the capability effectively to detect, investigate and counter the threat from the cyber activities of our adversaries.

2. The impact of cybercrime on the UK and its interests is significantly reduced and cyber criminals are deterred from targeting the UK.

3. The UK has the capability to manage and respond effectively to cyber incidents to reduce the harm they cause to the UK and counter cyber adversaries.

4. Our partnerships with industry on active cyber defence mean that large scale phishing and malware attacks are no longer effective.

5. The UK is more secure as a result of technology products and services having cyber security designed into them and activated by default.

6. Government networks and services will be as secure as possible from the moment of their first implementation. The public will be able to use government digital services with confidence and trust that their information is safe.

7. All organisations in the UK, large and small, are effectively managing their cyber risk and are supported by high quality advice designed by the NCSC, underpinned by the right mix of regulation and incentives.

8. There is the right ecosystem in the UK to develop and sustain a cyber security sector that can meet our national security demands.

9. The UK has a sustainable supply of home-grown cyber skilled professionals to meet the growing demands of an increasingly digital economy, in both the public and private sectors, and defence.

10. The UK is universally acknowledged as a global leader in cyber security research and development, underpinned by high levels of expertise in UK industry and academia.

11. The UK government is already planning and preparing for policy implementation in advance of future technologies and threats and is future-proofed.

12. The threat to the UK and our interests overseas is reduced due to increased international consensus and capability towards responsible state behaviour in a free, open, peaceful and secure cyberspace.

13. UK government policies, organisations and structures are simplified to maximise the coherence and effectiveness of the UK’s response to the cyber threat.

Read more on Hackers and cybercrime prevention

Data Center
Data Management