Support 100 years of independent journalism.

Is the UK’s cyber space more secure after Boris Johnson?

Recent data shows a country largely unprepared for a more hostile cyber landscape.

By Afiq Fitri

In April 2021, it was revealed that Boris Johnson’s personal phone number was freely available online for 15 years, nestled at the bottom of a press release published in 2006 when he was the shadow higher education minister. Three months ago, cyber security researchers from the University of Toronto’s Citizen Lab released an explosive report detailing traces of the NSO Group’s Pegasus spyware within UK government networks, including Downing Street and the Foreign Office.

While there is no evidence linking these two events, security experts have condemned the lack of basic cyber security at the heart of government. “It’s vital that anyone with access to sensitive material up to and including the PM have to pay close attention to the basic rules of cyber security, including their phone numbers,” said Peter Ricketts, the UK government’s former national security advisor, at the time of the Pegasus revelation.

But with Johnson now preparing to step down, what is his cyber security legacy at a time when the National Cyber Security Centre (NCSC) is warning of a “potentially protracted period” of cyber threats from Russia?

Recent cyber security statistics paint a picture of rising data breaches and cyber attacks in the UK, with the public and private sector largely unprepared for such events. Local councils across the country have been hit by a spate of ransomware and data breaches, with East Sussex, Hampshire County and Gloucestershire County alone suffering more than 2,000 data breaches in 2020 and 2021, according to a study by privacy researchers at VPN comparison site VPN Overview. During a speech to launch the government’s Cyber Security Strategy earlier this year, the then chancellor of the Duchy of Lancaster, Steve Barclay, said that recent data breaches are a “growing trend – one whose pace shows no sign of slowing”.

Select and enter your email address Quick and essential guide to domestic and global politics from the New Statesman's politics team. A weekly newsletter helping you fit together the pieces of the global economic slowdown. The New Statesman’s global affairs newsletter, every Monday and Friday. The New Statesman’s weekly environment email on the politics, business and culture of the climate and nature crises - in your inbox every Thursday. Our weekly culture newsletter – from books and art to pop culture and memes – sent every Friday. A weekly round-up of some of the best articles featured in the most recent issue of the New Statesman, sent each Saturday. A newsletter showcasing the finest writing from the ideas section and the NS archive, covering political ideas, philosophy, criticism and intellectual history - sent every Wednesday. Sign up to receive information regarding NS events, subscription offers & product updates.
  • Administration / Office
  • Arts and Culture
  • Board Member
  • Business / Corporate Services
  • Client / Customer Services
  • Communications
  • Construction, Works, Engineering
  • Education, Curriculum and Teaching
  • Environment, Conservation and NRM
  • Facility / Grounds Management and Maintenance
  • Finance Management
  • Health - Medical and Nursing Management
  • HR, Training and Organisational Development
  • Information and Communications Technology
  • Information Services, Statistics, Records, Archives
  • Infrastructure Management - Transport, Utilities
  • Legal Officers and Practitioners
  • Librarians and Library Management
  • Management
  • Marketing
  • OH&S, Risk Management
  • Operations Management
  • Planning, Policy, Strategy
  • Printing, Design, Publishing, Web
  • Projects, Programs and Advisors
  • Property, Assets and Fleet Management
  • Public Relations and Media
  • Purchasing and Procurement
  • Quality Management
  • Science and Technical Research and Development
  • Security and Law Enforcement
  • Service Delivery
  • Sport and Recreation
  • Travel, Accommodation, Tourism
  • Wellbeing, Community / Social Services
Visit our privacy Policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.

Content from our partners
Why public health policy needs to refocus
The five key tech areas for the public sector in 2023
You wouldn’t give your house keys to anyone, so why do that with your computers?

Data from the Department of Culture, Media and Sport’s (DCMS) latest Cyber Security Breaches survey confirms this growing trend. Since 2019, the number of data breaches and cyber attacks identified by businesses and charities has also increased, with almost four in ten businesses and a third of charities reporting such incidents as of this year.

Part of the government’s solution to improve cyber security across the board includes a raft of policies designed by the NCSC to help UK businesses protect themselves against common threats. But data from the same survey shows a startling lack of awareness among businesses of the government’s cyber security initiatives, with barely any improvement in the past few years.

Just three out of ten businesses surveyed have heard of the Cyber Aware email security programme, which encourages people to improve their email security through using strong passwords and two-step verification. This figure has crept up from 21 per cent in 2017, while less than 20 per cent of businesses remain unaware of the NCSC’s 10 Steps and Cyber Essentials programmes. The 10 Steps initiative provides basic advice on identity and access management for example, while Cyber Essentials is a formal certification scheme for businesses to conduct self-assessments on their cyber security preparedness.

This lack of awareness among business and charities also translates into the low take-up of such initiatives. According to the DCMS survey, just 6 per cent of organisations have undertaken the Cyber Essentials certification, while only 1 per cent of businesses have signed up for the Cyber Essentials Plus scheme, which involves an external assessment. The global cyber security standard ISO 27001 and a payment card data assessment are more widely adopted among those organisations surveyed, but still by a minority.

The last three years of Johnson’s premiership have seen the UK government roll out the country’s first National Cyber Strategy and other headline-grabbing initiatives like a National Cyber Force. Whether these high-profile policies translate into a more secure cyber space is yet to be seen, but the current reality of cyber security in the UK paints a markedly different picture.

[See also: Andrew Marr: The Tories’ new nightmare]