UK Cyber Strategy a welcome injection of progress

Pillar 1: Strengthening the UK’s cyber ecosystem

This supports the “whole of society” approach. It aims to drive understanding within organisations as well as build the relationships and trust that are both key to the direction the UK is taking.

With more open dialogue between the enterprise, government and academia, organisations will have opportunities to be involved in the conversation. By being in a position to offer valuable insight into the challenges, they will potentially be able to shape policy that supports them.

From an intra-industry perspective, collaboration will encourage players in the same field to connect and share cyber defence strategies offering mutual benefit, using this to build a network of deterrents preventing cyber attacks targeting their sector or organisations of a similar size. Equally, knowledge sharing across industries will be vital to broaden skillsets in order to tackle real-world threats as they evolve.

This pillar also covers the cyber skills, services, and products that will help organisations improve their defensive posture. The importance of cyber security skills and awareness in protecting and securing data and systems is increasingly well-understood. Many enterprises already have extensive expertise in the area, making them well-placed to advise the government and individuals. Incorporating the fight against cyber criminals into corporate social responsibility (CSR) programmes could formalise the process of knowledge sharing.

Pillar 2: Building a resilient and prosperous digital UK

Here, the emphasis is on developing resilience by first understanding and then appropriately managing cyber risk. It builds on the previous pillar with the ability to identify cross-cutting and systemic risks, guide priorities, and drive business cases for risk reduction activities.

Organisations will again benefit from the sharing of insights and common threats, as well as the progress of risk reduction in different sectors. Some of these sectors (CNI, for example) can expect more regulations detailing their responsibilities and the appropriate actions required to manage cyber risk.

However, management of cyber risk and defensive measures will never stop all cyber attacks, and this pillar also discusses the importance of responding to and recovering from an attack.

The government will be looking to improve its coordination of cyber incidents that have a national impact. Organisations should aim to support those efforts, with activity including the early reporting of breaches they believe may be of national significance (with this linking back to building the relevant relationships and trust outlined in pillar 1).

Pillar 3: Taking the lead in the technologies vital to cyber power

The third pillar suggests increased investment in the UK’s technology sector. This is good news for businesses that build cutting-edge technologies, but over time all organisations will benefit from the technological advances, which will need to be secure-by-design and developed to sufficient standards.

Emerging technologies in this space include 5G/6G, quantum computing and microprocessors among others, all of which could serve an organisation by helping it bolster its defences, regardless of whether it has had a hand in developing them.

Pillar 4: Advancing UK global leadership and influence for a secure and prosperous international order

The footprints of many organisations’ cyber space operations span multiple countries – each of which has individual legal requirements. Within this pillar, the UK government hopes to influence a multi-nation drive for global governance as well as improve the cyber defence posture of other countries to better combat cyber threats as a whole.

The nature of digital operations mean global organisations can face cyber threats from anywhere in the world. Over time, they should benefit from a safer environment and face fewer business disrupting cyber risks.

Pillar 5: Detecting, disrupting, and deterring our adversaries to enhance UK security in and through cyber space

Cyber crime is a major industry, currently demonstrated by the frequent occurrence of well-publicised ransomware attacks, which cause massive disruption to organisations and require heavy recovery costs.

The final pillar aims to improve UK security in cyber space through targeting cyber criminals and deterring malicious actors to reduce the appeal of conducting cyber crime.

A key role for organisations is to refrain from the understandable temptation to protect their reputations by covering up successful cyber attacks, instead reporting them to the National Cyber Security Agency (NCSC) and National Crime Agency (NCA) so that the government is aware and can gather evidence to tackle the relevant criminal groups.

In conclusion

The National Cyber Strategy should be seen as a welcome injection of both focus and investment in bettering cyber defence for everyone. 

As the “whole of society” approach suggests, the UK government cannot make the much-needed changes without the support of both organisations and individuals. Organisations will need to move away from working in silos to collaborate on countermeasures and backup plans, and put cyber defence firmly on the boardroom agenda. And as more citizens become aware of cyber risks and the importance of their role in protecting their information, the risks of data leaks and infringement in general is reduced.