DCMS cyber security newsletter - September 2022
Published 28 September 2022
© Crown copyright 2022
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/dcms-cyber-security-newsletter-september-2022/dcms-cyber-security-newsletter-september-2022
1. Director’s message
One of the advantages of working at DCMS is seeing the synergies between the different parts of government. Earlier this month, as a part of the hugely successful Commonwealth Games, the Department for International Trade hosted the Commonwealth Business Hub. This fantastic event included a roundtable chaired by DCMS on the challenges and opportunities in cyber and AI in the UK and Canada. There were panel discussions on how to retain top tech talent in the UK and the role of the West Midlands cyber ecosystem in developing the next generation of cyber security specialists. It was clear that there is a lot that the UK and Canada can learn from each other, and even more that we can cooperate on.
This month sees fieldwork begin for the next iteration of the Cyber Security Breaches Survey, which will be published in March 2023. This important piece of research helps to inform our government policy and is a great way of exploring how businesses approach their own cyber security. Ipsos have been commissioned on behalf of DCMS to conduct the interviews and we would greatly appreciate your participation if your organisation is selected.
Building on the Cyber Security Breaches Survey 2022, DCMS has published a new policy paper exploring organisational experiences of cyber security breaches. Among the businesses that took part, there is a consensus that cyber crime is a significant and growing business risk, with cyber attacks increasing in both volume and technical sophistication. However, knowledge of the threat landscape varies greatly depending on the organisation.
Finally, the International Cyber Expo is taking place on 27-28 September at Olympia London. DCMS will be attending to promote the National Cyber Strategy and the cyber companies which have been through our growth and innovation programmes. It promises to be a great few days, bringing together innovation, international cyber intelligence and government.
Erika Lewis
Director, Cyber Security and Digital Identity
2. New research published: organisational experiences of cyber security breaches
DCMS has published a new in-depth research study with businesses and organisations affected by cyber security breaches. The research aimed to:
- understand the level of cyber security before a breach
- understand how organisations reacted in the immediate, medium, and long-term aftermath of a breach
- investigate how cyber security arrangements changed in the wake of a cyber breach
- investigate the short-term and longer-term impacts of the breach on organisations.
The ten organisations participating in the study all suffered a serious cyber security attack in the last four years. Several themes emerged in the research, including a consensus that cyber-crime is a significant and growing business risk, with cyber attacks increasing in both volume and technical sophistication.
3. Register your interest in the NCSC Cyber Advisor scheme
The NCSC is currently inviting organisations to help develop a new Cyber Advisor service. A Cyber Advisor will be an individual assessed by the NCSC as having a good understanding of baseline security controls and the ability to provide practical help to companies who want to achieve them.
Qualified Cyber Advisors will initially focus on helping their customers meet Cyber Essentials’ five technical controls – firewalls, secure settings, access controls, malware and software updates – by identifying and helping implement improvements that are right for the size and needs of their customer.
Under the new scheme those organisations who have a qualified Cyber Advisor on their staff will be able to apply to become an NCSC Assured Service Provider. Only organisations who become Assured Service Providers and employ a qualified Cyber Advisor will be able to offer NCSC Cyber Advisor services to customers.
4. Cyber Security Breaches Survey 2023 fieldwork will begin in late September
Later this month fieldwork begins for the next Cyber Security Breaches Survey, which will be published in March 2023. This supports the National Cyber Strategy and informs government cyber security policy. The research explores the policies, processes, and approaches to cyber security for businesses, charities, and educational institutions.
Organisations will be randomly selected to take part in the survey. DCMS has commissioned Ipsos to conduct the interviews on our behalf. Within these organisations, we are inviting the most senior person with the most knowledge or responsibility when it comes to cyber security to take part. Taking part in the survey is confidential and the interview will last around 20 minutes, taking place at a time that is convenient for you. If your organisation is selected for the survey, we would appreciate your participation and thank you in advance for your time in contributing to this important study.
5. Gold medal for the Commonwealth Games Business Hub
As part of the recent Commonwealth Games, the Department for International Trade hosted the Commonwealth Business Hub to boost opportunities for local businesses.
As part of the Business Hub DCMS chaired a roundtable discussion on opportunities and challenges in cyber security and AI in the UK and Canada. Other events included the West Midlands Growth Company’s Creative, Digital & Tech Sector Showcase Day, which demonstrated how the region’s tech community is helping companies pioneer next-generation technologies and included panel discussions on the challenges of sourcing and retaining top talent and scaling up businesses.
6. DCMS to host cyber business showcase at International Cyber Expo
DCMS will be attending the International Cyber Expo at Olympia London on September 27 and 28 to showcase cyber companies involved in our growth and innovation programmes, CyberASAP and Cyber Runway. Companies from the current year of Cyber Runway will also be showcasing their businesses as part of the TechHub stage, giving audiences a chance to see some of the most exciting cyber startups and scaleups in the ecosystem today.
The International Cyber Expo brings together leading cyber security products and innovations, international cyber intelligence with chief information security officers (CISO), government officials and policy makers. There will be over 100 industry-leading exhibitors and over 5000 cyber security buyers in attendance. You can register to attend for free on the International Cyber Expo website.
7. Crown Commercial Service: supplier webinar
On Thursday 29 September, the Crown Commercial Service is holding a webinar on Cyber Security Services 3, the dynamic purchasing system (DPS) that helps public sector organisations buy cyber services.
The webinar will provide an opportunity for cyber security firms to learn more about the DPS, how to join, how to provide services and obligations once appointed. Crown Commercial Service will also provide an update on their work currently being carried out in cyber and there will also be an opportunity to ask questions to the team.
8. North East Business Resilience Centre launches new free 24/7 cyber response service
The North East Business Resilience Centre, funded by the Home Office, has launched a free 24/7 emergency response service for businesses or individuals who find themselves under a cyber attack.
Expertise is just a phone call away with carefully selected expert partners available to offer free, initial support that could help to lessen the impact of a cyber attack, right from the outset.
NEBRC Director Supt Rebecca Chapman explained: “We are aware that one of the worst moments for anyone who has been attacked is quickly understanding the implications and knowing which way to turn. Our new service gives a direct route to immediate assistance that’s usually only available if you’re signed up with a private provider.
“All of our four partners have committed to offering an hour’s support for free and, once the immediate actions have been carried out, the business then has a choice of which path, if any, they wish to take next.”
The four NEBRC Trusted Partners are Bleam, DigitalXRaid, NGS and Waterstons.
9. DCMS cyber security research
As part of the National Cyber Strategy the government is committed to improving the evidence base to support policy development and help the cyber security sector and wider industry better understand current issues. Recent research reports published by DCMS include:
Mapping informal cyber security initiatives for young people aged 5-19
Cyber security breaches survey 2022
Cyber security in enterprise connected devices
Cyber security skills in the UK labour market 2022