UK Cybersecurity Strategies to Strengthen Data Security
Owing to the COVID-19 pandemic, individuals and businesses are more dependent on all matters digital than ever. The rising adoption of internet and IoT devices and related services are only going to strengthen digital connectivity across the globe. However, the threat of cyberattacks increases more and more with every new device, user, and business connecting to the internet. Current efforts of governments and businesses are limited in scope, which is an increasing range of cyber-risks.
According to the National Cyber Security Centre statistics, 61% of organizations are anticipated to see an increase in ransomware attacks, a type of malware that threatens to publish a victim’s personal data unless a ransom is paid. Besides, government organizations remain an attractive target for an ever-expanding army of adversaries with powerful cyber capabilities. Between September 2020 and August 2021, around 40% of cyberthreats were aimed at public organizations, and the trend seems to have no signs of abating.
To counter cyberattacks, government agencies and enterprises need to have an intense collaboration since both rely on the same network of software vendors. Building and maintaining cyber defences is vital to safeguard the functions and services used by everyone. The UK government aims to maximize the benefits of digital technology by adopting proactive management of cyber risks. UK’s new national cyber security strategy calls for a ‘whole society approach’ to cybersecurity with a vision to make the country a leading cyber power by 2030. The government is planning to invest USD3.89 billion (£2.6 billion) in cyber and legacy IT and additional funding of USD50.79 million (£37.8 million) to tackle cybersecurity challenges faced by the local council to protect vital services and data. As the world is being fundamentally shaped by technology, the National Cyber Strategy would help UK protect and promote its interests as a sovereign nation.
The cornerstone of establishing UK as a cyber power is dependent on building domestic cyber resilience. Thus, it is the government’s duty to deliver functions that promote the economy of the UK, from delivering public services to strengthening national security without undue disruption. Hence, the national cyber security strategy is built upon five pillars such as :
- Investing in people and skills while encouraging a close partnership between government and academic institutions
- Building resilience and reducing cyber risks
- Increasing UK’s industrial capacity based on technologies crucial for cyber power
- Establishing global leadership in cybersecurity operations
- Enhancing national cyber security and taking a more integrated approach for countering threats
National Cyber Force
Under the national cybersecurity strategy, the government has proposed to expand the cross-agency National Cyber Force (NCF), the unit that integrates military and intelligence personnel under a single command structure. The NCF is responsible for operating in and through cyberspace, disrupting those who would harm the UK and its allies and promote UK’s interests. Keeping cyber operations at the center of its diplomatic, economic, and military activities, UK plans to gain a competitive edge in cyber operations with the help of NCF. Some of the main responsibilities of the National Cyber Force include :
- Counter cyberthreats from terrorists, criminals and states that could harm UK and other democratic societies
- Manage threats that disrupt the confidentiality, integrity and availability of data and services in the country
- Contribute to UK Defence operations and help deliver UK’s foreign policy agenda
More R&D support
Majority of the companies in UK’s technology sector are expecting an increase in sales, investment, and headcount in the coming years; hence, the companies have called upon the government to provide greater support for R&D and innovation as a way to help them realize their ambitions. The national cybersecurity strategy proposes the allocation of investment worth USD1.34 million (£100m) for expanding research capabilities. Around £70m will be available to support R&D on hardware for designing security and protection-technology solutions in hardware and chip designs. As businesses are investing more in tackling cyber-attacks with ‘designing in’ measures, the investment will help to protect businesses as well as consumers as well as reduce the growing cybersecurity costs. Besides, £30.6m will be allocated to ensure smart internet-connected devices remain secure, which could prove to be a real step-change for better protecting businesses, services, and consumers from cyber-attacks. The government is also looking forward to building expertise in existing and emerging technology such as 5G, 6G, and other types of data transmission technologies, which can transform lives.
Cyber Aware Citizens
Cyber awareness campaigns can help individuals and enterprises gather an understanding about securing their online activities and protecting data and devices to avoid any kind of cyber-attacks. The UK government has introduced a new online training platform, known as ‘cyber explorers’ for young people and children to teach cyber skills in classrooms. Besides, the National Cyber Advisory Board, along with National Laboratory for Operational Technology Security will be charged with testing and providing training on existing and emerging technologies such as 5G, 6G, applications of artificial intelligence, blockchain, cryptographic authentication, quantum technologies, and more.
The government aims to collaborate with “market influencers,” including insurers and investors, to incentivize good cyber security practices and also aims at providing better insights into how companies will manage and mitigate risks. Besides, the government plans to expand post-16 cyber security training opportunities to further strengthen knowledge and skills related to the domain. To encourage people to take up cybersecurity as a career opportunity, the UK Cyber Security Council has been granted ‘Royal Charter’ status, which brings cybersecurity professionals in line with those serving as engineers or medical practitioners.
Bolstering Law Enforcement
The UK government has planned to build the foundation of risk management for detecting cyber security events across every part of its estate and mitigate risks before they impact services and functions. With the agility to monitor systems, networks and services before any incident happens will help the government to provide coherent responses as well as improve the capability to detect more such attacks in the future. The NCSC has launched an Active Cyber Defence initiative to counter cyberattacks in an automated and scalable manner, detecting any malicious activity on the website and then proactively work with the hosting company to take it down. Furthermore, the NCSC will further grow the number of offered shared services and capability to improve the resilience in preventing cyberattacks. The National Crime Agency’s National Cyber Crime Unit supports a network of dedicated units consisting of 43 police forces along with a regional coordinator.
The sustained and tailored deterrence campaigns will leverage a full range of UK capabilities to get aggressive with cybercriminals. Action Fraud, hosted by the City of London Police, will provide centralized crime reporting, triage, and analysis to NCA for pursuing the cybercrime case. Joining the forensic, intelligence, and data sharing capabilities into a single platform could help the national and regional units access specialist high-end capabilities and tools. The government will develop a cross-government vulnerability reporting service to enable organizations to fix issues more efficiently and rapidly. Besides, the cyber coordination center will foster partnerships and allow government organizations to identify, investigate and coordinate responses to incidents on public sector ecosystems.
Way Ahead
In the last five years, the government has made significant progress in terms of cybersecurity with the establishment of the National Cyber Security Centre and the introduction of the Minimum Cyber Security Standards for the government. While the government’s recognition and understanding of cyber security risks have largely evolved, there is still significant progress to be made. The size and complexity of the government’s digital estate, diversity of government’s supply chains, and complex government structures can impact the visibility of cyber risks. Besides, the limited number of resources and skilled workforce also pose some serious challenges in mitigating cybersecurity risks. However, organizational diversity comes with a wealth of capabilities and knowledge, which could be harnessed to bring transformation, drive innovation, and gather analytical understandings. Cyber resilience remains a cost-effective solution against the cyber threat; hence government organizations must focus on building foundations to improve technologies to match the ever-evolving cyber risk landscape.
According to TechSci Research report on “Global Cybersecurity Market By Segment (Security Services, Network Security, Infrastructure Protection, Identity Access Management, Data Security, Application Security, Integrated Risk Management, Cloud Security and Others), By Deployment Mode (On-Premise and Cloud), By Organization Size (Large Enterprises and SMEs), By End Use Industry (BFSI, Manufacturing, Government, IT & Telecom, Retail, Energy & Power and Others), By Region, Competition, Forecast & Opportunities, 2025”, the global cybersecurity market is expected to grow at a formidable rate during the forecast period. The growth can be attributed to the rising need for strong authentication techniques and cybersecurity solutions.
According to another TechSci Research report on “United Kingdom Cyber Security Market By Security Type (Network Security, Endpoint Security, Cloud Security, Application Security, Content Security and Others), By Solution Type (Firewall, Antivirus & Antimalware, Risk & Compliance Management, Identity & Access Management, Data Loss Prevention, Intrusion Detection-Prevention System, Encryption & Decryption, Secure Web Gateways, Email Filtering, Others), By Deployment Mode (On-Premise and Cloud), By End-User Industry (BFSI, IT & Telecom, Defense, Energy & Power, Retail, Healthcare & Others), By Region, Competition Forecast & Opportunities, 2027”, the United Kingdom cyber security market is anticipated to grow at a significant rate. The market growth can be attributed to the rapid ongoing digital transformation across various industry verticals and flourishing e-commerce industry. Besides, increased complexity of cyber-attacks and supportive government policies are anticipated to drive the United Kingdom cyber security market in the coming years.