It’s great to see so many people interested in online security gathered here. What we all do has been very much under the spotlight over the past month, so I wanted to talk about what the Government has been doing and how we’re working together in partnership with industry.
Firstly I wanted to highlight the ongoing partnership the Government has with Intel Security. I know colleagues at Intel Security - including James Stirk and his team - have been working closely with my officials. This has brought both shared understanding and practical outcomes. This really is how the Government should be working together with the private sector. The Government’s entire National Cyber Security Programme is based on partnerships so it’s pleasing to see this in action.
Good cyber security underpins the entire digital economy – we need it to keep our businesses, citizens and public services safe. Because the UK is a world leader in the use of digital technologies, we also need to be a world leader in cyber security. Trust and confidence in UK online security is crucial for consumers, businesses and investors.
Everyone here today contributes to that effort.
Since we launched the National Cyber Security Programme in 2011, we have invested £860m to protect & promote the UK. We’re investing - despite the challenges faced by the public finances - because we want to make UK the safest place in world to do business online.
A huge amount has been achieved. Working in partnership with industry, and people such as yourselves, we’ve started to transform business understanding and response, by getting cyber security out of the IT department and into the boardroom.
However, despite the good action being taken, the scale of the cyber threat is still significant. 74 per cent of small businesses and 90 per cent of large ones had a cyber breach in the past year. These breaches can be hugely costly and damaging to businesses.
So we’ve been pretty busy on cyber security recently, as you might imagine. There’s been a great deal of Parliamentary and media interest since the attack on TalkTalk. No one likes to see the theft of personal data.
But I believe we need to take this moment as a timely reminder that we need can take action to protect ourselves. I hope businesses around the country are taking the opportunity to review how they deal with cyber security.
Cyber Governance Health Check
Following the TalkTalk attack, I promised to write to FTSE 350 companies about cyber security. Today I am doing that - and I am using the opportunity to launch our third annual Cyber Governance Health Check.
The Cyber Health Check is a partnership between the Government and the audit community which helps the UK’s top firms understand and improve their level of cyber security.
We know from last year’s health check data that good progress is being made. For example, 88 per cent of FTSE 350 firms now include cyber security in their risk register, up from 58 per cent in 2013. But we know there is more to do, which is why my letter today is urging all FTSE 350 firms to take part in the cyber health check.
The Government is stepping up its activity on cyber security in other areas too.
The Chancellor made a major speech at GCHQ yesterday where he announced Government plans to invest £1.9 billion in cyber security over the next five years. This more than doubles the current level of Government investment, something which is absolutely necessary if we are to make Britain the best protected country in cyber space.
As part of this plan, we’ll be recruiting 1,900 new staff for the three intelligence agencies and opening the first National Cyber Centre, which will handle cyber incidents and ensure faster and more effective responses to major attacks.
There will be a stronger Active Defence Programme to divert more malware attacks and block bad addresses used against British internet users.
The Chancellor also set out an ambitious new cyber skills programme. We can only innovate, grow and protect the UK if we have the right skills, now and in the future.
The Government has already put in place interventions at every level of the education system to boost cyber security skills including introducing coding in schools and new cyber security content in Further and Higher Education courses.
Our new plan on skills includes identifying young people with cyber talent and providing them with training, after-school expert mentoring sessions and paths into a variety of cyber careers.
We’ll open a new Institute for Coding looking at digital skills and computer science. And we’ll offer new higher and degree level cyber apprenticeships focused around protecting key sectors like finance and energy.
One of our current key priorities is Cyber Essentials. Cyber Essentials is the joint industry and Government scheme we launched last year setting out clear basic standards for cyber security.
If you adopt Cyber Essentials in your business, you will protect your business against the majority of threats on the internet.
I want to be very clear about this. I’d like to see all businesses operating online adopt Cyber Essentials.
Cyber Essentials isn’t just for the large prime firms - it’s also helps them to manage their third party risks, which is why we have made the scheme suitable for smaller businesses, including those who are part of larger supply chains.
As I said earlier, the Government has worked closely with Intel Security, especially on Cyber Essentials. Last month I was pleased to announce that Intel Security had achieved the 1,000th Cyber Essentials certificate. Over 1,200 certificates have now been issued.
This is just a start - businesses across the economy are adopting Cyber Essentials. We’re really serious about this, because it will have a transformative effect upon the cyber security of UK industry. So much so that in Government, we now require suppliers of most contracts and services to hold a Cyber Essentials certificate.
I hope many large firms will follow the Government’s lead in requiring their suppliers to adopt Cyber Essentials - this will enhance security for all of us.
The future of cyber security
I’d like to finish by saying this issue is not going away. As I mentioned earlier, the cyber threat remains significant, but the UK is well-placed to respond to it. We are also well-placed to benefit, and we’re growing a world-leading cyber security industry to support us.
The Strategic Defence and Security Review is currently looking at the future of cyber security and will report soon. Whatever the outcome of that review, cyber security will remain a priority for Government and we will continue to tackle the danger posed by cyber threats.