Protecting the economy: working together to build cyber resilience
At a UK Finance fringe event, shadow security minister Nick Thomas-Symonds and an expert panel discussed how the public and private sector can work together to protect UK businesses from cyber-attacks.
“The prevalence of cyber-attacks is increasing rapidly,” warned shadow security minister Nick Thomas-Symonds, speaking at the UK Finance Labour conference fringe event this week.
“46% of UK businesses have identified at least one cyber-attack in the last 12 months. That is a jump up from 24% the year before. These security breaches cost the economy 27 billion a year,” he added.
Microsoft’s Jenny Kalenderidis cautioned that Britain continues to be “an interesting target for those who want to attack us, because there are a lot of us online.”
“We represent the highest internet penetration in the G20, at just under 93% which is an astounding statistic,” she said.
According to the Office for National Statistics, cyber-crime is set to become the UK’s most commonly reported offence - and one of the main targets is the UK’s financial sector.
“Cyber resilience is the most pressing and challenging issue for the financial services industry. The industry is a priority target because of the financial assets that we hold and the customer data that we hold,” said CEO of UK Finance, Stephen Jones.
Tackling this threat can only be done with a strong public-private partnership and collective action.
Paula Kershaw Head of Cyber Security at HSBC said: “Our response has to be collective. Previous attacks have shown how quickly they can take hold and spread in whatever way they can.”
The viral nature of these attacks means that organisations are only as strong as their weakest supplier.
Jones elaborated, saying: “It is not just about spending more money. To protect the economy from the rapid growth in threats we need a strategic response, which essentially means people acting together.
“We need to move from the limited defensive model centred on individual institutions or individual targets. If we can share insights and intelligence between institutions and across the supply chains for these institutions we can focus more on the threats and improve our ability to anticipate, respond, and innovate. And we need collaboration across the wider economy as well.”
The UK Finance CEO also said as state actors become more prominent in cyber-attacks, it is ever more pressing to have involvement from ministers.
He called for the Government to play a roll as a catalyst in enabling and supporting the wider ecosystem of institutions, tech firms, academics, regulators, and law enforcement coming together.
“There are some obstacles to doing that and we need a legal safe harbour in order to enable data to be shared in that context,” said Jones.
“The Government plays a critical roll in ensuing a safe and secure technology revolution. Tactically, law enforcement and intelligence is a part of government and we have to harness those agencies better. We do need those public-private partnerships to disrupt cyber networks. The benefits of this approach are accepted, look at what we achieved with money laundering.”
Cyber protection is especially essential for UK finance with the movements of capital which can now be made so quickly across the world.
“We are also asking government to help by driving harmonisation of international regulations. Cyber knows no boarders and we believe harmonisation should be around a flexible principles based approach built on prescriptive foundations, in order to stay ahead of the threats,” advised the UK finance CEO.
The global nature of the threat and potential implications of Brexit were of concern to the panel.
Kalenderidis pondered the potential impact Brexit will have in terms of data flows, and how they will be managed.
“Especially the UK-US privacy shield. How will data flow between the US and the UK given that we will be outside the European Union,” she said.
Stephen Jones said there may be some who are treating data sharing as ‘part of the battle’: “I am aware of one French minister who, as Brexit emerged, was in London and said ‘we look forward to getting our data back’.
”In terms of the harmonization of international regulation, clearly Brexit is a challenge in respect of that”, added the shadow minister.
“What’s obviously going to happen is that the European Court of Justice is going to make decisions in the years to come on data protection and data regulation. It is very important that the UK doesn’t fall behind.”
But, according to Jones, the impending departure from the EU could bring potential opportunities.
“In the context of a post Brexit world, for the UK to offer itself as the safest and most transparent place to do business in financial services because of the strength of its cyber resilience, would be a fantastic opportunity for us to take. It will be a competitive advantage in the long term, whatever the others are doing, we should be seen as being really good at this.
“The UK is a great place for global great minds in this space to come and work. The ecosystem works extremely well and the environment is attractive. We have a global technological advantage and if we can maintain it we can become the second Silicon Valley in the United Kingdom in the post Brexit world.”