Policy paper

DCMS cyber security newsletter - April 2022

Published 6 April 2022

1. Director’s message

Even though cyber security is, at its heart, about protecting systems and data, one of its strengths as a sector is its commitment to openness and collaboration. This is best exemplified by the many events, roundtables and conferences that enable us to share ideas, make new connections and achieve change. Last month I got the chance to deliver the keynote speech at Secure South West, a fantastic event in Plymouth, on the new National Cyber Strategy and the skills work we are doing to encourage more people into the cyber profession. In the end I could not be there in person, but it was great to see people gathered together again.

That is why I am pleased that, once again, DCMS is sponsoring the Innovation Zones at CyberUK and Information Security Europe 2022, otherwise known as InfoSec. The zones provide a space to showcase innovative UK cyber SMEs and enable them to meet the buyers, investors and mentors that can catalyse business growth. Again this year, we will be using CyberUK to promote companies that have been through DCMS’s growth programmes. For InfoSec we are holding an open competition, which has just launched, to select the companies taking part. If you are interested I encourage you to apply.

I am really excited to let you know that we have just published our Cyber Security Breaches Survey 2022, which profiles UK businesses, charities and educational institutions’ policies, processes, and approaches to cyber security. The survey found that 39% of organisations had identified a cyber attack over the past 12 months. This remains consistent with last year and is a decline from 46% reported five years ago in 2017. The most common attack vector remained phishing mails (83%), but one-in-five of these organisations identified a more sophisticated attack such as a denial of service, malware, or ransomware. The survey will inform government policy on cyber security, making the UK cyber space a secure place to do business.

Erika Lewis

Director, Cyber Security and Digital Identity

Department for Digital, Culture, Media and Sport

2. Information Security Europe 2022: most innovative cyber SME 2022 competition

Does your cyber security business bring something truly innovative to the UK market? As part of Infosecurity Europe 2022, DCMS is running a competition to look for the most creative and original cyber security companies in the country, one of which will be crowned The UK’s most innovative cyber SME 2022.

The top 14 innovative cyber SMEs will be invited to join the Cyber Innovation Zone at Infosecurity Europe 2022 - Europe’s leading cyber security event taking place on June 21 to 23. They will be offered an event exhibition package, two showcase speaking slots and a marketing package.

This competition is run collaboratively by DCMS, techUK and Infosecurity Europe, and judged by a panel of cybersecurity experts.

Simply complete the application form by Friday 22nd April. Soon after this date, an expert panel will decide the winners.

3. CyberUK 2022: registration open

Registration for CyberUK, the UK’s flagship government cyber security conference, has opened. CyberUK, hosted by the National Cyber Security Centre, will take place this year at the ICC Wales in Newport on 10 and 11 May.

The theme of this year’s event is ‘Cyber Security for the whole-of-society’, and it will feature keynote speeches, panel discussions and Q&A sessions. DCMS will be funding the Innovation Zone, which will feature 12 cyber companies that have benefited from our growth and innovation programmes. The companies will take part in a Cyber Den, where they will showcase their work in front of a panel of experts. The panel will decide on a winner, who will gain further help and support from the NCSC.

4. Cyber security breaches survey 2022

DCMS has published the Cyber Security Breaches Survey 2022, a detailed overview, comprising both quantitative and qualitative research, of the cost and impact of cyber breaches and attacks on businesses, charities and educational institutions.

Among the key findings are that 39% of UK businesses identified a cyber attack over the past 12 months. Of the businesses that identified an attack, the most common threat vector was phishing (83%), with one-in-five of these businesses identifying a more sophisticated attack such as denial of service, malware, or ransomware. The average cost of all cyber attacks in the last 12 months, for businesses that identify material outcomes, is estimated to be £4,200.

For more information, please see the breaches survey press notice.

5. Cyber Aware campaign

Last month NCSC, with support from DCMS and the Home Office, launched the next phase of the government’s Cyber Aware campaign. The key message of the campaign is to protect your email account by carrying out two actions: 1) use a strong password made of three random words, and 2) set up two-step verification. This is based on NCSC advice, as the most effective action most of us can take to raise the bar on our own security, and that of small businesses.

The campaign is running across social media, radio, outside advertising and digital adverts on search engines, and is being supported by Google.

6. Cyber Runway: final graduation event

On Wednesday 23 March, an event to celebrate the end of the first year of delivery of Cyber Runway was held in Salford. Delivered by Plexal, the event was a chance for members of the programme to come together and celebrate as well as network, meet investors and attend panel discussions on venture capital funding, exporting and establishing an alumni network. A video showcasing the event is available.

Cyber Runway is the UK’s largest government-backed cybersecurity accelerator for entrepreneurs, startups and scaleups. Funded by DCMS, it is delivered by Plexal with support from Deloitte, CyLon and the Centre for Secure Information Technologies. If you are interested in taking part next year, please email cyberrunway@plexal.com.

7. NCSC blog: use of Russian technology products and services

Ian Levy, NCSC’s Technical Director, has written a blog addressing the use of Russian technology products and services following the invasion of Ukraine.

Given the international situation, the NCSC is advising certain organisations to consider the risk of Russian-controlled parts of their supply chain. These include public sector organisations that weren’t covered by NCSC’s 2017 supply chain guidance; organisations providing services to Ukraine; organisations that would represent a ‘PR win’ if compromised; organisations providing services to critical infrastructure; and organisations or individuals doing work that could be seen as being counter to the Russian state’s interests.

8. UK cyber resilience consultation: last chance to have your say

DCMS’s consultation on proposals to improve the UK’s cyber resilience ends on Sunday 10th April. We are consulting on proposals for legislative changes which would drive up levels of cyber resilience, particularly in organisations which play an important role in the UK economy, like managed IT service providers.

The consultation is a part of the £2.6 billion National Cyber Strategy 2022 and the government’s work to improve the cyber resilience of businesses and organisations across the UK economy.

9. Secure connected places (smart cities) guidance

To help support the security of smart cities, DCMS has published a collection of secure connected places guidance. The collection includes the foundations of a secure connected place, designing and managing connected architecture, protecting data and managing incidents.

If you buy or operate connected places technologies, this guidance can make your connected places systems more resilient to cyber security threats, helping you to avoid the negative impacts of an incident such as personal data loss, reputational damage and loss of user trust.

10. Joint security guidance offered to data centre operators and users

The National Cyber Security Centre and the Centre for the Protection of National Infrastructure have issued new guidance to help the UK’s data centres stay secure.

Data is one of the UK’s most valuable assets, and it underpins almost all facets of modern life. However, this can make data centres an attractive target for threat actors, both physically and in cyberspace.

The new guidance sets out a holistic security strategy which encourages owners and users to consider how:

  • location and ownership of a data centre can affect who has access to sensitive information or affect strategic operating decisions
  • cyber threat actors continuously evolve their methodology to breach defences
  • strong physical security can mitigate covert and forceful entry to data assets
  • employees are critical to an effective security culture

11. Cyber Ready: Bradford-based programme to boost diversity

In May, CompTIA will be delivering Cyber Ready, a free programme designed to increase diversity in the cybersecurity sector by openly encouraging people from backgrounds that have been historically underrepresented in the sector. This includes women, parents, people from an ethnic minority background, and those who are neurodiverse.

A six-month programme, Cyber Ready is built upon the Security+ and CySA+ curriculums, equipping participants with the knowledge, skills, and certifications to build both confidence and competence. 85% of previous candidates have transitioned into cyber security careers.  

The course is accepting applicants living in Barnsley, Bradford, Calderdale, Craven, Harrogate, Kirklees, Leeds, Selby, Wakefield, and York, and applications are open until Tuesday 12 April.

12. Free courses for jobs: eligibility expansion

From this month, even more adults will be able to take a free Level 3 qualification (equivalent to A levels) to help them access new job opportunities.

People earning below the National Living Wage annually (£18,525 from April this year, equivalent to £9.50 per hour for a 37.5 hour week) or who are unemployed, can now take a free Level 3 qualification and gain valuable skills to help them find work.

There are hundreds of high value qualifications to choose from, in subjects like engineering, adult care, early years, accounting and many more. You can find out more on the Skills for Life website where you can also find which courses are available.

13. Symposium on cyber strength through diversity: Thursday 28 April, Birmingham

Later this month the Ethnic Minority in Cyber network will be hosting a symposium in Birmingham looking at initiatives to increase diversity in the cyber sector.

The symposium will consist of a keynote speech from Simon Hepburn, CEO of the UK Cyber Security Council, invited talks, panel sessions and roundtable workshops. Other confirmed speakers include: Andrew Elliot, DCMS deputy director; Amar Singh, CEO Cyber Management Alliance; and Prashant Pillai, Associate Dean, University of Wolverhampton.

Tickets are free and available here.