Discover new opportunities by becoming a member of CBN today!
Our membership is free to cybersecurity organisations and offers them opportunities to promote capabilities, share insights and develop lasting relationships
CBN Newsletter – June 2024
Introducing our new CBN Newsletter
Our monthly update to bring you the relevant, high-level policy and business news from across the cyber sector.
This month we take a look back at our relaunch event at the end of April, update you on the latest election developments and give you a breakdown of the recent McPartland review into ‘Cyber Security and Economic Growth’ .
If you have any questions about the content, or believe we should add to our coverage, please do not hesitate to get in touch.
Headline news
Prime Minister calls surprise General Election
On the 4th July UK voters will head to the ballot box to vote in the 2024 General Election. Labour is currently polling strongly with an estimated 45% vote share and expected to win a significant majority after nearly fifteen years of Conservative government.
The campaign will focus on bread and butter issues like the economy and security with cyber unlikely to be front and centre, but a week and a half in to the campaign and cyber has been raised by both Conservatives and Labour – the former as part of a new National Service policy, the latter as part of their defence review as Labour commit to a strategic defence review in the first year of government. Aside from the parties, the Joint Committee on the National Security Strategy called for the PM to defend UK democracy, raising several concerns about the potential threats posed by foreign nations that may undermine the outcome of the election. The NCSC also recently launched a personal protection service for election candidates and officials, as part of a wider package of cyber support.
McPartland Review into Cyber Security and Economic Growth
Stephen McPartland MP published his final report and recommendations, the McPartland Review of Cyber Security and Economic Growth.
The report identifies 16 high-level “non-legislative” recommendations which span investment, skills, resilience and governance, crime and net zero.” Some recommendations include:
- Government should provide clear incentives for investment in cyber security by improving awareness of existing tax reliefs for cyber security costs, such as software, hardware, or training.
- Government should work with industry to establish the upcoming Cyber Governance Code of Practice as a key operational resilience requirement for businesses.
- The NCSC should work with industry to establish a private sector-led solution to product assessment. NCSC should accredit up to five industry-funded labs across the UK to produce cyber security ratings or an approved list of suppliers.
- The UK should be more strategic about how it showcases its cyber power to the world, by enhancing its support, including financially, to its cyber companies to exhibit their products and services at key trade shows on critical digital infrastructure.
Although “warmly welcomed” by Government, it cannot be officially published until after the election due to the dissolution of Parliament and the purdah period, and there are questions around its implementation under a new government.
Political and policy updates
Cyber UK 2024
CyberUK, the UK government’s “flagship” cyber security event, took place in Birmingham last week. Notably, the DSIT Minister for Tech and the Digital Economy, Sadiq Bhatti MP, made a range of announcements, including a call for views on the new Code of Practice on the Cyber Security of AI & Software Vendors; the future direction of CyberFirst; and figures of growth in the UK cyber security sector.
The figures, which constitute a cyber security sectoral analysis, find that the total annual revenue within the sector has increased by 13% in the past year – considerably higher than the slower growth in the previous study (3%) – and that the sector has grown by 5%, adding 2,700 new jobs. In addition, they estimate total GVA for the sector has reached c. £6.5 bn, reflecting an increase of 4% since last year’s study.
Other speeches:
- Anne Keast-Butler, Director of GCHQ, gave a keynote speech which called out Russia, Iran and China as posing significant cyber threats to UK national security.
- Ollie Whitehouse, CTO of the NCSC, said that while companies know how to build resilient, secure technology, the market does not incentivise them to do so, and called for “honesty” around technological development challenges in order to develop resilience.
- Felicity Oswald, CEO of the NCSC, spoke on the need to be ready for future threats, calling for greater collaboration between allies, and between government and industry.
Note: due to the election, the announcements made by the Minister may not be carried through by the next Parliament. We will share an update when possible, but please get in touch if you have any questions.
Statement from HM Government on the adoption of UK Cyber Security Council standards
The government committed to strengthening standards by embedding UK Cyber Security Council standards across its cyber workforce by 2025. This includes defining necessary competencies, introducing training programs, and encouraging skill improvement. Critical National Infrastructure (CNI) regulators will recognise these standards and collaborate with the government. The Cyber Growth Partnership (CGP) will support the Council with industry backing.
Cybersecurity of elections
A briefing from the Parliamentary Office of Science and Technology (POST) examines the impacts of cyber threats on election outcomes and mitigation strategies. It highlights the evolving nature of these threats, including misinformation and AI-generated content, and identifies risks such as ransomware, data leaks, and attacks on high-profile individuals. The briefing also outlines relevant cybersecurity policies, challenges in addressing these risks, and suggestions for preventing cyber attacks.
NCSC updates – May 2024
- Cyber Election Defence Service: Provides support to high-risk individuals, particularly politicians and election officials, as part of a broader cyber support package ahead of the next general election.
- Share and Defend: Blocks malicious websites in partnership with ISPs and tech companies by sharing threat intelligence data, preventing cyber attacks and cyber-enabled fraud.
- Guidance on Business Email Compromise (BEC): Offers practical steps for smaller organisations to reduce BEC attacks, such as minimizing digital footprints, detecting phishing emails, applying ‘least privilege’ principles, and implementing two-step verification.
UK not heeding warning over China threat, says ex-cybersecurity chief.
Ciaran Martin, former head of the NCSC, warned that the UK isn’t taking the threat of Chinese cyber-spying seriously enough, citing US warnings about Chinese hackers targeting critical infrastructure. He urged the UK to declare attacks on civilian infrastructure as unacceptable and called for stronger government action. Martin supports proposed measures for mandatory ransomware attack reporting and regulating ransom payments, emphasising increased vigilance against this threat.
Founded by Clarity
Global digital marketing and communications agency, providing fearless marketing and consultancy to the world’s most progressive companies.
We match data-driven science with human ingenuity to expand our full-funnel, specialist services and expertise. Our vision is to accelerate positive change and impact across the world. A firm believer of cybersecurity as an enabler of growth and resilience, we are proud to driving its prosperous impact forward.
Business and industry
NCC Group: Digital Dawn: Cyber Security Policy in the Wake of Political Change
The NCC Group released a new cyber policy report for incoming (and existing) governments and policymakers across the world their roles in securing cyberspace, highlighting challenges and opportunities.
Opportunities include cross-party agreement on cybersecurity’s importance, strong existing regulations, and a “whole-of-society” approach. Challenges involve limited resources, lack of specific responsibility, keeping up with emerging technology, and protecting smaller organisations.
One in three organisations looking to improve cybersecurity
According to research from Daisy Corporate Services, while almost two-thirds of UK organisations are likely to be looking to reduce costs over the course of this year, leaders are prepared to invest in services such as cloud and cybersecurity, as they look to unlock operational performance improvements and streamline their current technology supply chain.
70% of CISOs concerned about material cyber attack
Chief information security officers around the globe “are nervously looking over the horizon,” according to a survey of 1,600 CISOs with more than two thirds (70 percent) concerned their organisation is at risk of a material cyber attack over the next 12 months.
These figures are striking. highlighting an increase from 48% in 2022, with those in South Korea, Canada and the US most concerned. 43% of those surveyed said their organisation is not prepared for a cyber attack.
