When Tim Berners-Lee created the worldwide web 25 years ago, he made it open and free. It was an incredible gift to the world, allowing anyone to use this invention to create new technologies, solutions and opportunities. The digital revolution has brought new choices and speed to the world of business, just as it enables governments to provide public services that are more convenient and responsive to people’s needs, at a lower cost to taxpayers. Whatever the threats from the internet, we need an approach to cyber security that helps government, businesses and individuals keep safe online so they can continue to enjoy these remarkable benefits.
Intellectual property theft is a big threat to UK firms – one London-based company had a loss running into the hundreds of millions of pounds as a result. As part of its long-term economic plan, the government wants the UK to be one of the safest places in the world to do business. That’s why we’ve committed to improving our resilience through the UK Cyber Security Strategy, backed by £860m of funding.
Our strategic investment in cyber security has enabled the creation of a National Cyber Crime Unit, within the new National Crime Agency, and a national computer emergency response team, CERT-UK. Together with government departments, GCHQ and other agencies, these bodies are already working to combat cyber criminals, as well as producing guidance and resources for businesses.
But government cannot and should not do this on its own. Companies must manage their own risks. Cyber security cannot just be an issue for the IT department: it’s an issue for the boardroom, too. Firms should have tried and tested resilience plans. The good news is that the 2013 Cyber Governance Health Check was completed by almost two-thirds of FTSE-350 companies, suggesting that boards are starting to take the issue more seriously.
Because the cyber threat is anonymous and dispersed, governments and businesses must work together. Last year we launched the Cyber Security Information Sharing Partnership (CiSP). This enables businesses to share intelligence on threats and vulnerabilities as they occur, helping to build a more complete picture of the cyber threats we face. This intelligence has already helped organisations respond to recent threats such as Shellshock, GameOver Zeus and Heartbleed. By the end of October, 683 companies had joined the partnership and it continues to grow.
The British digital economy. Illustration: Chris Ong
The UK is actively engaged with developments in Europe, particularly the negotiation of the Network and Information Security Directive. We need strong cyber security among all our neighbours. This directive can help, but it should not come at the cost of onerous regulation on business and we will continue to influence the negotiations. After all, the reason our partnership works so well is that it’s business-led, which creates trust and means companies are willing to share information in confidence.
We should also recognise that cyber is a business of the future in its own right, creating opportunities for jobs and growth. It’s one where Britain has significant strengths. It already employs some 40,000 people and is worth £6bn in the UK. We want to see it grow further. Government and business have teamed up to create the Cyber Growth Partnership, which represents a cross-section of some of Britain’s most innovative firms. One of them, the Worcester-based SME Titania, which I visited recently, supplies software to customers in over 60 countries.
There’s a huge potential market for UK cyber expertise and products abroad. I’ve discussed cyber security with my ministerial counterparts from countries as far afield as India and Israel, Spain and South Korea. It’s clear that the phrase “Made in Britain” has enormous resonance. My message is simple – UK business is strong, competitive and innovative and is ready to work with you. Under our first ever Cyber Exports Strategy we aim to export £2bn worth of products and services by 2016, up from £850m last year.
We already punch above our weight in cyberspace and have the potential to become a 21st-century cyber superpower. Government and businesses must work together, so that we can all reap maximum benefit from the digital age.
Francis Maude is minister for the Cabinet Office and Paymaster General.
Graphics sources: Office of Cyber Security; National Security Council; FireEye; AT Kearney/Vodafone; Department for Business, Innovation and Skills Information Security Breaches Survey 2014.