Blogs
The Big Question: Is the UK doing enough when it comes to cyber risks?
The threat to the UK’s cyber security is rapidly evolving and the threat is increasing. According to the parliamentary science, innovation and technology committee the UK is the third most targeted country in the world for cyber-attacks, after the US and Ukraine.
In recent years the UK has seen the use of offensive cyber capabilities by state and non-state actors proliferate, exacerbated by Russia’s full-scale invasion of Ukraine. However, the UK has not been idle. The Government’s National Cyber Strategy 2022 and the Government Cyber Security Strategy 2022-2030 recognise cyber threats to UK Critical National Infrastructure (CNI) – infrastructure whose disruption would have significant national impact – as an area of particular concern.
The committee has launched an inquiry into the cyber-resilience of the UK’s CNI but away from the core infrastructure there have been a number of moves to ensure that businesses are more resilient.
The Cyber Security Research and Networking Environment NetworkPlus, has been formed by the University of Oxford, and backed by a multimillion pound investment from the Engineering and Physical Sciences Research Council (EPSRC).
The network has been designed to bring together all parties to look at ways in which the UK can create new insights into how to achieve greater security by design and default.
Ian Summers, Global Business Leader, AdvantageGo.
Project Lead, Professor Andrew Martin from the University of Oxford’s Department of Computer Science says: “There is a pressing need for improvements in cyber security across a broad spectrum of social and technical research.
“We want to help the community to identify areas where research can bring the most benefit and encourage its development right across the UK and beyond.”
The new network aims to strengthen cybersecurity, realise the benefits of emerging technologies and better prepare society against future cyber threats.
Martin says the goal is to drive better cybersecurity across the economy, including sectors from manufacturing and healthcare to law enforcement.
“This will make businesses, charities, communities and people more resilient against cyber threats,” he adds.
The network aims to provide leadership in spotting emerging global trends and national strengths in cybersecurity, including understanding the potential of game-changing technologies from artificial intelligence to quantum computing.
A key driver will be the ability to strengthen collaboration, knowledge exchange and skills across the sector to ensure the UK maintains its position as a leader in cybersecurity research and innovation.
“We see a great deal of work but there has not been any efforts to look at how seperate areas of work could be combined to create better solutions,” he adds. “We believe there is greater value in bringing together universities, businesses and governments to create a more robust and broader view of the challenges and how we can create the solutions.
He adds: “The network will establish the first learned society for cybersecurity research, bringing together researchers from across disciplines to focus topics and nurture relationships that will turn into research collaborations.
“The new society will provide UK businesses, government and the voluntary, charity and community sectors with a key connection point to access experts nationally and internationally.”
Martin added: “This network will address the aims of the UK Research and Innovation (UKRI) ‘building a secure and resilient world’ strategic theme.
“The theme highlights the importance of enhancing national security across virtual and physical spaces by improving the awareness of risks and threats, preparedness, and decision-making and responses.”
He explains the investment behind the network is being provided in collaboration with the National Cyber Security Centre (NCSC), the UK’s technical authority on cybersecurity.
“Collaboration between academia, industry, and government is an imperative if we are to further strengthen the UK’s competitive edge and enhance our national resilience to evolving cyber threats,” Martin continues. “The network will contribute to the government’s work to develop the UK cyber ecosystem, ensure technology is safely developed and deployed, and help drive growth and skills across the country.”
He adds the (re)insurance sector has a lot to offer the work of the network and its aims, given its focus in the need for greater cyber resilience for its commercial policyholders has the opportunity to play a significant role in driving the collaboration which is needed.
“The threats we face continue to evolve and the challenge we have is to work out how we can anticipate the changes we see in the attack trends and new technologies in ten years’ time.
“What is interesting is that we have seen in recent times the type of attacks that many in academia had been identifying ten years ago and looking to find solutions for. “
Martin explains that work is already underway around the design of new security solutions for the risks that businesses will face in the future.
“We need to look at how we can develop the technology and how that will disrupt and improve cyber security. We would like to find the next solutions and the one after that.”
Martin says: “It is very much about applying the right disciplines at the right time. It is about whatever you need at that particular moment.
“There are a lot of good things going on in the UK at the moment. However the challenge is such that we need a whole society approach to this.”
On whether businesses are doing enough Martin believes progress is being made.
“Most people are taking it seriously,” he adds. “It is happening but I think ten to twelve years ago there was a realisation that we had a big problem in our hands.
“There are a lot of processes in place to understand the problem. You can measure the risk and understand the threats you face but to tackle them you need the technology.
“It is very much about where the next round of innovation will come from and it is why we need to have universities, government and business working together. Insurers can certainly have a place at the table .”
Martin says part of the operation will be a regular process of horizon scanning in an effort to identify the future threats.
“We are building the team and the network with the aim to have our first horizon scanning process underway by the middle of next year. We are also looking to set up a range of special interest groups to feedback to the network as a whole.”