Skip to content


  • Add this article to your LinkedIn page
  • Add this article to your Twitter feed
  • Add this article to your Facebook page
  • Email this article
  • View or print a PDF of this page
  • Share further
  • Add this article to your Pinterest board
  • Add this article to your Google page
  • Share this article on Reddit
  • Share this article on StumbleUpon
  • Bookmark this page

How can the government protect the UK from cyberattacks?

What do Tesco Bank, Talk Talk and Northern Lincolnshire and Goole NHS Trust all have in common? An easy question for anyone in the cyber security business – they’ve fallen victim to security breaches.

And a critical report recently published by the Public Accounts Committee (PAC) states that while the threat from cyberattacks has been one of the top four risks to national security since 2010, it’s taken government too long to consolidate and coordinate the 'alphabet soup' of agencies that are meant to be protecting Britain online.

The PAC goes on to provide six recommendations that will increase the UK’s security. Here, I tackle the three I think are the most important.

Create a detailed plan for the National Cyber Security Centre (NCSC)

This advice comes a mere four months after the NCSC was established and it’s already been tasked with taking the lead on protecting government networks, using technology and innovation to automate defences, and taking control of incident response.

These are all huge asks and it’s vital the government doesn’t complicate matters by strangling the process with bureaucracy. My advice? As the NCSC emerges from government into industry, allow it to operate as a business and learn how it needs to effectively support commercial business.

Assess the cost and performance of government information security activities more broadly

Consider this: The UK spends billions of pounds a year on defence, but it’s extremely difficult to quantify the value of security until you’re attacked. It all depends on how you measure value – and this requires an outlook that isn’t focused purely on costs. The same outlook needs to be taken with cyber security.

It’s also worth highlighting that the recommendations only focus on preventing cyberattacks. But it’s naïve to assume you’ll never be attacked or that attackers will never be successful – even if you have the best defences possible. Prevention is just one side of the coin and an organisation’s resilience and ability to bounce back quickly after an attack should be given equal importance.

Whilst the PAC has an important role in scrutinising how government money is spent, assessing the value for money of security initiatives will always be very hard. This should be accepted – efforts to drag cyber security programmes through government value for money assessment exercises will just stifle the innovation needed to tackle this challenge.

Plug the cyber security skills gaps

Up until now, the government has focused its initiatives on undergraduate level and beyond. But with just 10% of pupils taking a GCSE in Computer Science in 2015/16 and less than 1% of A Levels taken in Computing, the focus needs to be on engaging schoolchildren from a young age.

Our annual Raspberry Pi competition aims to do just this. It gives students as young as eight the opportunity to gain hands-on experience of computer programming and engineering. Lessons should also be learned from Israel – a country renowned for its cyber security prowess. The necessary skills are embedded in the curriculum from an early age; both Israeli academia and the military continue to put cyber-security at the top of their priorities, generating a continuous and sustained pool of cyber talent that supplies industry.

Good steps are being made but, as highlighted by the PAC, there’s still lot to do. This is enviable when tackling such an emergent and dynamic challenge. It’s only by taking a different approach across these three fronts that the UK will increase its chances of preventing cyberattacks – and recovering from any attacks it does fall foul to. 




Contact the author

Contact the defence and security team

By using this website, you accept the use of cookies. For more information on how to manage cookies, please read our privacy policy.