Setting out in stark terms that the UK faces a growing threat of cyber-attacks from “states, serious crime gangs, hacking groups as well as terrorists”, Cabinet Office Minister Matthew Hancock announced the launch of the National Cyber Security Centre (NCSC) on 18 March 2016. Led by current Director General for Cyber at GCHQ, Ciaran Martin, the NCSC has been set up to ensure that people, public and private sector organisations and the critical national infrastructure of the UK are safer online. It will bring the UK’s cyber expertise together to transform how the UK tackles cyber security issues and seeks to establish itself as the authoritative voice on information security in the UK.
The Centre for the Protection of National Infrastructure (CPNI) cites cyber threat as a critical issue. “Given Cyberspace lies at the heart of modern society; it impacts our personal lives, our businesses and our essential services”. Cyber security embraces both the public and the private sector and spans a broad range of issues related to national security, whether through terrorism, crime or industrial espionage.
Co-operation with the private sector will be a key strand of work for the NCSC. One of the first tasks for the NCSC will be to work with the Bank of England to produce advice for the financial sector for managing cyber security effectively. Indeed, the FCA’s Business Plan for 2015/6 identifies cyber-crime as one of the key risk drivers in customers’ dealings with financial institutions. From the perspective of the SME sector a Small Business Cyber Security Guide was published last year.
It is not just the financial services sector that is affected. PWC’s Global Economic Crime Survey 2016 reported that Cybercrime holds the number 2 slot as most reported economic crime affecting 32% of organisations. However, most companies are still not adequately prepared for – or even understand the risks faced: Only 37% of organisations have a cyber incident response plan. High profile breaches such as that suffered by TalkTalk last year brought this issue into sharp focus. Companies must obtain advice at the earliest opportunity on implementing best practice and procedure.
Indeed, in its Risk Outlook 2015/6 the Solicitors Regulation Authority focuses on information security and cyber-crime as a key risk. Whilst confirming that firms can and should take advantage of business efficiencies through modern technology, the SRA seeks to ensure that firms manage the risks presented by cyber-crime and have the ability to fend off a cyber-attack.
The CPNI reminds us that cyber-crime has - theft, hacking or denial of service to vital systems - has become a fact of life. A government report from last year estimates that cyber-crime cost the UK economy £27bn in 2015. A recent survey also reports that UK firms on average lost £4.12m this year from cyber-attacks – up from £3.86m in 2014.