SECURING THE UK'S DIGITAL PROSPERITY. Enabling the joint delivery of the National Cyber Security Strategy's objectives


SECURING THE UK'S DIGITAL PROSPERITY
Enabling the joint delivery of the National Cyber Security Strategy's objectives
02 November 2016

The latest National Cyber Security Strategy (NCSS) sets out the UK's five-year plan to enhance resilience against a range of cyber-related threats. It is more comprehensive than its predecessor and has a robust set of objectives. It builds on the foundations successfully laid in the previous strategy, through its key themes of deter, defend and develop, and also includes a new recognition of the need for further development of the UK's cyber skills. The scope of the strategy has been broadened to include the UK's wider cyber landscape, and makes a commitment to a number of Active Cyber Defence measures to reduce the impact of high-volume cyber attacks.

The strategy also acknowledges that objectives from the last five years have not been met at the pace anticipated, particularly where there had been a reliance on the market. This reliance continues and there is a risk of history repeating itself unless a different approach is adopted. This approach should focus on joint action and shared responsibility to successfully implement and embed the changes outlined in the strategy. That means both top-down action from government and bottom-up pressure from industry, investors and the public.

This effort should focus on three key elements:

1. Elevating the importance of cyber risk
2. Driving collective innovation
3. Embedding cultural change.

We explore each of these in more detail.

Elevating the importance of cyber risk

Today 88% of FTSE 350 companies have cyber security on their risk registers [1]. Despite this, there is evidence that this risk is not always managed appropriately until the inevitable failure happens [2]. There is also a risk that many organisations' boards may now believe that the new national strategy provides sufficient protection against cyber attack and reduces the need for them to act. This is clearly not the case and boards must play their part in strengthening their own organisation's defences. This includes acknowledging that responsibility for managing cyber risk does not just rest with the IT department but requires the whole business to engage in this work.

Boards then must make sure they have a clear understanding of the value of their digital assets, the financial and reputational impact of any breach and the impact this would have on trust in their organisation. They also need clarity about the investment required (now and ongoing) to achieve an appropriate level of cyber security for their organisation.

The strategy identifies a number of potential levers that can be used to support this work, including the EU General Data Protection Regulation (GDPR) [3], other regulatory action, and pressure from insurers and investors. Regulation, and ensuring compliance, will clearly be important. However, influencing the behaviour of investors to apply pressure on boards is potentially a more powerful driver of action.

As cyber risks to organisations become more apparent, they may look to insure themselves against losses. However, premiums are likely to rise significantly, as the insurance market matures and responds to continuing poor cyber security controls and hygiene. In some cases, businesses may be unable to gain any form of insurance cover through which to recover losses resulting from a digital incident. This will be a key driver in galvanising investors to exert pressure and encourage businesses to change the way they perceive cyber risks and improve their cyber security.

[1] UK Cyber Security Strategy Annual Report, April 2016.
[2] House of Commons, Protection of Personal Data Online, June 2016.
[3] PA Consulting, http://bit.ly/2fvagrk

Driving collective innovation

The cyber threat is changing constantly, with new attack vectors and vulnerabilities being exploited every day. The strategy underlines that it is vital that UK plc focuses on innovation to stay ahead of the evolving threat. There are already a number of cyber-focused innovation clusters and government initiatives helping to foster UK innovation and to build future cyber skills. In addition, the government is also providing funding to support cyber-related start-ups.

This is providing helpful top-down direction, but a bottom-up demand from individuals and businesses to drive investment in new solutions which address their needs will be equally important in sustaining innovation. Businesses should develop a deep understanding of the threats and an ability to respond flexibly to them through the right combination of innovative technology, process and people.

Individuals need to be informed about the cyber dangers they face in a way they understand. They also require assurance that cost-effective defences are being developed for the services they use, such as third-party payment systems for online shopping. These defences should be applied to existing solutions as well as being built into new products and services by default.

Solutions also need to be developed and adopted in an agile way to drive demand and address evolving threats, acknowledging that as the threat changes so should our response. Making a compelling case to enable this to happen will mean tailoring the message to make it relevant to different stakeholders within industry and the general public.

Embedding cultural change

People can be the weakest link in cyber security, but if they are educated and informed properly, they can also be the strongest defence. It is in the national interest for the public to care about cyber security in the same way they care about environmental impact or health and safety. That means creating a culture of cyber security and providing simple and effective ways to respond to individual concerns, as well as helping them to protect themselves.

These cyber defence actions should be embedded in daily behaviour in the same way that wearing bicycle helmets and seatbelts, or not drink driving, have become the subconscious norm. Examples already include users upgrading to the very latest versions of software on a routine basis following an automated prompt to do so, and using two-factor authentication for some services such as online banking.

If this work is successful in raising public awareness of cyber risks, then this will put further pressure on the leadership of companies and organisations to make cyber security a priority at every level. There then needs to be a straightforward way for companies to respond to individual demands for proof of their cyber credentials and demonstrate trust. This could be common certification or badging through something like a Cyber Essentials Standard, which could then become accepted and understood in the same way as safety kitemarks.

Moving forward

The NCSS is a promising strategy which is honest about the challenges facing the UK and is ambitious about tackling them. Ultimately its success will depend upon innovative implementation. The experience of the previous strategy shows that this requires an approach that supports rapid action on a broad scale. In particular, it must focus on how to motivate all those involved to drive timely and effective action. To achieve this will require a coherence between top-down Government action and bottom-up demand from industry, investors and the wider public to drive innovation that keeps pace with the changing threats.

The cyber security risks are clear and the consequences of not managing them effectively are far reaching for us all. However, there is now a real opportunity to work together and take the action that will achieve the strategy's vision of making the UK secure and resilient to cyber threats, and prosperous and confident in the digital world.

For more information contact digitaltrust@paconsulting.com

We Make the Difference

An independent firm of over 2,600 people, we operate globally from offices across the Americas, Europe, the Nordics, the Gulf and Asia Pacific. We are experts in consumer and manufacturing, defence and security, energy and utilities, financial services, government, healthcare, life sciences, and transport, travel and logistics. Our deep industry knowledge together with skills in management consulting, technology and innovation allows us to challenge conventional thinking and deliver exceptional results that have a lasting impact on businesses, governments and communities worldwide. Our clients choose us because we don't just believe in making a difference. We believe in making the difference.

Corporate headquarters
123 Buckingham Palace Road
London SW1W 9SR
United Kingdom
+44 20 7730 9000
paconsulting.com

This document has been prepared by PA. The contents of this document do not constitute any form of commitment or recommendation on the part of PA at the date of their preparation. PA Knowledge Limited 2016. All rights reserved. No part of this documentation may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying or otherwise without the written permission of PA Consulting Group.