The UK Government needs to increase cyber security capacity across all sectors, to ensure that the UK can maintain its resilience to cyber threats and be the world’s leading digital economy.
Since the government published the National Cyber Security Strategy (NCSC) in 2016, the cyber threat has continued to diversify and grow. In the two years since the NCSC was created it has dealt with well over 1,000 cyber security incidents.
The document claims that in 2017, over 70% of large businesses, 64% of medium businesses and 42% of micro/small businesses in the UK suffered a cyber breach.
The strategy document explores the cyber skills opportunities in our education system, in terms of the number of young people studying in ICT related fields at GCSE level and above, and in terms of the number & types of courses available in Further Education and Higher Education.
The strategy sets out the importance of increasing the capability and understanding of those who require cyber security skills and services, from small business owners to operators of critical services, to enable them to effectively manage their cyber risks and be more informed about the professional services they require; equipping them to manage their recruitment or outsourcing in a way that actually meets their needs.
The NCSC will continue to provide tailored guidance and tools, including a small business guide, a board-level toolkit and a ‘Cyber Essentials’ accreditation scheme.
To address the absence of a tool for organisations to benchmark their cyber security, the Department for Digital, Culture, Media & Sport (DCMS) will also continue to explore the development of a tool that will equip organisations to understand their cyber security stance and take informed action.
The UK Cyber Security Council will, in time, seek to develop stronger links with other professions and disciplines across all key sectors to inform cyber security expectations that should be embedded within respective professional codes of conduct. The Council will take some time to establish itself and will work with other professions to embed cyber security within relevant Professional Codes of Conduct / Codes of Ethics ahead of the UK Cyber Security Council taking the leadership.
– We also propose to work with other government departments and wider industry to ensure that cyber security is adequately reflected in the implementation of emerging technologies and associated strategies.
Strategy stakeholder feedback sessions are being held during February 2019 so government, industry, academia, charities and training providers can put forward their views. Register interest to attend.
The Defence Cyber Protection Partnership (DCPP) was formed to create a joint response to the cyber threat. The DCPP aims to protect our military capability by improving cyber defence through the Ministry of Defence supply chain. The Ministry of Defence has developed cyber security standards that have to be met to contract with MOD. In order for a supplier to demonstrate their compliance, it must complete both risk assessments and supplier assurance questionnaires in a free online tool : Octavian/Supplier Cyber Protection.