MPs warn government to improve cyber defences against increased national threat

The UK is more vulnerable to cyber attacks than ever before, a Commons report has warned.

MPs said that the UK’s vast network of digital infrastructure is vulnerable to cyber attacks and that the threat has been exacerbated by poor government planning.

The Cabinet Office has published two five-year strategies for tackling cyber crime, but a “weak evidence base and the lack of a business case” to adopt the plans means the government may well fail to meet their objectives.

The report warned that the government must act soon to create an improved plan for its approach to cyber security after the current strategy ends in 2021.

How severe is the threat?

The report noted that the National Cyber Security Centre has dealt with more than 1,100 incidents since it was established in October 2016.

This figure may well rise exponentially as organisations increasingly rely on digital technology and criminals continue to profit from cyber attacks.

MPs added that another threat comes in the form of the quickly evolving cyber threat landscape, which threatens to outdate the current defence strategy, which was implemented in 2016. One of the biggest concerns is the blurred lines between state-orchestrated attacks and those committed by individual attackers or independent criminal hacking groups.

How should the government respond?

Meg Hillier, who chairs the PAC (Public Accounts Committee), said:

“As it currently stands, the Strategy is not supported by the robust evidence the Department needs to make informed decisions and accurately measure progress. On top of this, neither the Strategy or the Programme were grounded in business cases – despite being allocated £1.9bn funding.

She recommended that the Cabinet Office review the way it approaches cyber security planning as a matter of urgency, stating that “future plans should be based on strong evidence, business cases should be rigorously costed to ensure value for money, and strategic outcomes and objectives should be clearly defined”.

The government is expected to announce its plans for 2021 and beyond as part of the 2019 autumn budget.

Subscribe to our newsletter to receive the latest cyber security news and advice >>

Weekly roundup