Client Alert: UK National Cybersecurity Strategy

The plan includes:

• Use of automated defenses to safeguard citizens and businesses against growing cyber threats
• Supporting the UK’s fight against growing cyber threats
• Developing a world-class cyber workforce
• Deterring cyber-attacks from criminals and hostile actors

The government’s resolve to fight the state-level cyber threat, coupled with a 50-strong boost the National Cyber Crime Unit, part of the National Crime Agency, is commendable and this announcement of £1.9bn funding, additional investigators and collaboration between the public and private sector to address the cyber risk is welcome. However, there is no substitute for businesses taking steps to protect themselves, or at least be ready to respond to a cyber incident.

Complete protection from cyber risk, however, is impossible for a business to achieve and any framework of controls must be risk-based and proportionate if it is not to impact unduly the ability to do business. Managers should not under-estimate the risk that their business and every business that has intellectual property, customer records and a bank account faces. Businesses in certain industries such as the financial services sector must comply with additional requirements, and regulators and policymakers around the world are increasing their scrutiny of information security controls.

Duff & Phelps’ team of investigators, subject matter experts and technologists are available to discuss these and other issues related to cybersecurity, including policy, best practices, corporate risks and other emerging issues.