The latest National Cyber Security Strategy (NCSS), sets out the UK’s five-year plan to enhance resilience against a range of cyber related threats.
It is a comprehensive plan to address the range of cyber threats facing the country, underpinned by a very clear set of objectives. Meeting those objectives will require both top-down action from government and bottom-up pressure from industry, investors and the public.
This effort should focus on three key elements:
Boards need to make sure they have a clear understanding of the cyber risks they face and the actions and the investment required to achieve an appropriate level of cyber security for their organisation. Their investors should also be exerting pressure to encourage businesses to take the right steps to improve their defences against cyber attack. Equally, as the insurance market matures, insurers will have a potentially powerful role in raising expectations of organisations’ cyber defences.
Innovation will be critical to staying ahead of the ever-changing cyber threat. This should build on the existing innovation clusters and government initiatives as well as respond to bottom-up demand from individuals and businesses for new solutions to protect them. These innovative defences should be applied both to existing solutions as well as being built into new products and services. These will then need to be developed and implemented in an agile and cost-effective manner.
People can be the weakest link in cyber security but if they are educated and informed properly, they can also be the strongest defence. Achieving that means raising awareness and then providing simple and effective responses to individual concerns and helping people protect themselves. This will then create the cultural change that puts further pressure on the leadership of companies and organisations to make cyber security a priority.