Cyber security: a Q&A with Matt Hancock MP
Following the CBI’s Cyber Security Conference, digital and culture minister Matt Hancock MP explains how the UK can be the most secure digital economy in the world
Q. Why does cyber security matter?
A. Our economy relies on online technology. Huge amounts of growth, creativity and innovation in business are coming as a result of the internet – and because it is so central to much of what we do, it’s crucial it is as secure as possible.
We want people to be able to buy and sell online confidently and securely. We want people’s personal data and financial information to be secure. And we want to be the world’s leading digital nation. So companies need their intellectual property to be protected and their systems to be protected from attacks which disrupt their business.
This can only be fully realised if we’re as secure as possible, which is why the government is investing £1.9bn to make the UK the most secure place in the world to live and work online.
Q. There’s a clear gap between awareness and action around cyber security, so what is the government doing to help?
A. This is true: our latest research shows seven out of ten businesses say cyber security is a high priority for senior managers, but fewer than three in ten have a formal cyber security policy and only 10 per cent of firms have incident management plans.
We know it can be difficult for firms to take action on what can be a complex and confusing issue. This is why we developed Cyber Essentials – a simple, lightweight scheme showing businesses how to protect against the most common cyber threats.
We know it can be difficult for firms to take action on what can be a complex and confusing issue
I think all firms operating online should adopt Cyber Essentials as a minimum – this will provide good basic protection against cyber attacks. We also offer a wide range of guidance, support and free online training for businesses on www.gov.uk, and our Cyber Streetwise campaign is offering simple, practical advice for small businesses and citizens.
We’ve also been working closely with industry colleagues – including the CBI – to explore whether we have the regulatory framework and incentives needed to drive effective cyber risk management across the UK economy.
Q. How can we expect the government’s new cyber security strategy to 2021 be different from what went before?
A. The new strategy will be about building on the foundations we’ve put in place since the first strategy in 2011. We’ve transformed awareness of the threat and improved our national capability, but we now need to go further in terms of getting industry to take action and continuing to build our knowledge and expertise. We’ve already outlined details of many of the new elements, such as the two new Innovation Centres to enable start-up firms to develop innovative cyber security solutions.
Q. With the threats constantly evolving, do you think this is a battle we can win?
A. I don’t think it’s necessarily about “winning the battle” but doing everything you can to be as safe and secure as possible.
Our partnership with industry is such a central part of our strategy
There will always be new threats we need to protect against. There’s no such thing as 100 per cent security but we do know what the vulnerabilities are and what actions we need to take as a result. For example, our Cyber Streetwise campaign advises small businesses to use strong passwords and always update software – but the challenge is to get everyone, particularly businesses, to act on the advice.
This is why our partnership with industry is such a central part of our strategy. I believe the UK is well ahead of most countries on this issue but we cannot be complacent, which is why cyber security remains such a high priority for government.
Q. What do you see as the opportunities if we get this right?
A. The UK can be the world’s leading digital nation. We’re already way ahead of most in areas such as the use of e-commerce and the adoption of new technology. Being one of the most secure online economies in the world will enable UK industry to create, innovate and fully exploit the possibilities of a connected world. This will be a huge bonus for jobs and growth.
It will also mean our own cyber security industry continues to thrive: our latest figures show the sector is worth nearly £22bn, up from £17bn in 2014.
Q. If you had one “ask” of business to help improve the UK’s cyber security record, what would it be?
A. Businesses should adopt the Cyber Essentials scheme. We know the vast majority of cyber attacks exploit basic weaknesses in IT systems and software, so Cyber Essentials shows organisations how to address those vulnerabilities.
The scheme offers good basic security and I believe all businesses which rely on the internet should have Cyber Essentials as a minimum. It’s suitable for all organisations, large and small, in all sectors: thousands of firms across the economy have already taken it up. And if all businesses operating online adopted the scheme, we could hugely reduce the number of successful attacks and the UK would have probably the most secure digital economy in the world.