Policy

Keeping the UK safe in cyber space

Issue

The growth of the internet has transformed our everyday lives and is an important part of our economy. The internet-related market in the UK is now estimated to be worth £82 billion a year while British businesses earn £1 in every £5 from the internet.

But with greater openness, interconnection and dependency comes greater vulnerability. The National Security Strategy categorised cyber attacks as a Tier One threat to our national security, alongside international terrorism. The threat to our national security from cyber attacks is real and growing. Terrorists, rogue states and cyber criminals are among those targeting computer systems in the UK.

93% of large corporations and 87% of small businesses reported a cyber breach in the past year. On average over 33,000 malicious emails are blocked at the Gateway to the Government Secure Intranet (GSI) every month. These are likely to contain - or link to - sophisticated malware. A far greater number of malicious, but less sophisticated emails and spam are blocked each month.

With the cost for a cyber-security breach estimated between £450,000 to £850,000 for large businesses and £35,000 to £65,000 for smaller ones, the government must look at new ways to protect businesses and make the UK more resilient to cyber attacks and crime.

Actions

The Strategic Defence and Security Review allocated £650 million over 4 years to establish a new National Cyber Security Programme to strengthen the UK’s cyber capacity. The Chancellor of the Exchequer announced an extra £210 million investment after the 2013 spending review.

To combat cyber threats, we will work with the Government Communications Headquarters (GCHQ) to identify and analyse cyber attacks to our main networks and services and support the UK’s wider cyber security objectives.

To prevent cyber crime and make the UK a safer place to do business, we:

We are supporting the growth of the UK cyber security industry by:

  • creating a joint ‘Cyber Growth Partnership’ with technology industry representatives techUK (formerly Intellect)
  • publishing a Cyber Exports Strategy (pdf) to set out the scope of opportunities and actions
  • developing a new Cyber Security Suppliers’ scheme for businesses that supply cyber security products and services to the UK government
  • setting a target for future export growth

To make the UK more resilient to cyber attacks, we:

  • established CERT-UK on 31 March 2014, a new organisation to improve co-ordination of national cyber incidents and share technical information between countries
  • have set up a new Cyber Incident Response scheme in GCHQ to help organisations recover from a cyber security attack
  • have extended the role of the Centre for the Protection of National Infrastructure (CPNI) to work with all organisations that may have a role in protecting the UK’s critical systems and intellectual property
  • have agreed with regulators in essential services a set of actions to make sure that important data and systems in our critical national infrastructure continue to be safe and resilient

To cultivate a safe, stable and vibrant cyberspace internationally, we:

  • work with other countries to identify and manage cyber risks and develop principles to guide the behaviour of governments and others in cyberspace
  • hosted the London Conference on Cyberspace in 2011 and have supported hosts in Budapest and Seoul since then to continue the global conversation on the future of the Internet and establishing norms of behaviour in cyberspace

To develop the knowledge, skills and capabilities needed to defend the UK against cyber crime, we are:

Background

Our National Security Strategy classed cyber security as 1 of our top priorities alongside international terrorism, international military crises and natural disasters.

We published the UK Cyber Security Strategy on 25 November 2011. It sets out how the UK will support economic prosperity and protect our national security by building a more trusted and resilient digital environment.

Francis Maude, Minister for the Cabinet Office, made a written ministerial statement to Parliament about progress against the objectives of the strategy on 12 December 2013, as he did the previous year. Read the government’s achievements so far and forward plans.

Who we’re working with

The Office of Cyber Security and Information Assurance (OCSIA) coordinates the work carried out under the National Cyber Security Programme and works with government departments and agencies such as the Home Office, Ministry of Defence (MoD), Government Communications Headquarters (GCHQ), the Centre for the Protection of National Infrastructure (CPNI), the Foreign and Commonwealth Office and the Department for Business, Innovation and Skills (BIS) to implement the cyber security programme.

The CPNI is the government authority that provides physical, personnel and information security advice to the national infrastructure. It funds a range of projects to improve the UK’s ability to protect its interests in cyberspace and to address threats from states, criminals and terrorists.

The government is represented in international forums such as the Organisation for Security and Cooperation in Europe, the EU and the World Economic Forum.

Help us improve GOV.UK

Please don't include any personal or financial information, for example your National Insurance or credit card numbers.