Is your organisation leveraging the competitive advantage of a positive cyber security culture? What is your organisation doing to promote cyber security and support the Government in making the UK the world's leading market place? It’s a fine line between protection and enablement – how is your organisation dealing with the cultural and behavioural impacts?
These questions and more were raised at the CYSPEX Cyber Security Breakfast held at the Houses of Parliament on the 1st March 2012. It was a full house with attendees from the government, private sector and academia providing insights and responses to some of the challenges facing the UK in Cyber Security.
The event was sponsored by Templar Executives and StratexSystems. Andrew Fitzmaurice, CEO, Templar Executives, introduced the speakers and set the scene explaining, “Today’s briefing is designed to promote the holistic approach required for effective cyber security and to hear from those in the public and private sectors who understand this and are actively contributing to the National Cyber Security Strategy".
Key note speakers included; Andrew Miller MP and Chair of the Science and Technology Select Committee, Adrian Leppard, Commissioner of Police for the City of London, John Cook, Head of Defence Security and Assurance Services, Ministry of Defence, Simon Parker, Chief Information Officer, Babcock International Group PLC and Rena Lalgie, Deputy Director of Cyber Security, Department for Business Innovation and Skills. Both Baroness Paul Neville-Jones (Special Representative to Business on Cyber Security) and Lord Errol supported the event and participated in the lively audience debate that followed. All of these attendees are prominent in the actions they are taking to develop the UK’s Cyber Security maturity response.
Andrew Miller MP opened the session by highlighting it is imperative for government and business to work together to tackle the cyber threat which is growing and “increasingly complex and dynamic”. Commissioner Leppard re-enforced this by stating that last year alone, fraud cost the UK economy £38.6billion.
Commissioner Leppard outlined the plans of the Economic Crime Unit and National Fraud Intelligence Agency and the steps they are taking to centralise the capture of fraud intelligence. The Commissioner concluded by saying; “the threat of internet crime is increasing exponentially and whilst both the government and the private sector have responded positively to this challenge we have got to keep the pace going” a view that was echoed by all speakers.
John Cook from the MoD and Simon Parker, CIO of Babcock shared the approach that their respective organisations are taking to increase their Cyber Maturity capability. Simon Parker explained that technology was only part of the picture; to be effective the culture of the organisation needed to be changed by carrying out training, at all levels, to raise awareness. Both the speakers concurred that organisations need to do more to articulate their information risk appetite and manage risk in accordance with that appetite.
John and Simon also emphasised the need for the board to endorse a Cyber Security strategy and drive change from the top. Implementing effective cyber security requires everyone within an organisation to be accountable and take responsibility for understanding the threats and vulnerabilities they face and how they can prevent them. Addressing the supplier market, John Cook said suppliers need to “take action to ensure and demonstrate they have sufficient cyber security measures in place in what is a dynamic challenge that none of us can afford to ignore.” It was noted that those suppliers who did take action were not only contributing to the overall aim of the National Cyber Security Strategy – making UK Plc the place to do business – but also gaining a competitive advantage.
Rena Lalgie called for a shift in emphasis so that cyber security is seen as an enabler for economic prosperity and that there needs to be a focus on galvanising and partnering with the private sector to deliver the change necessary in this area. Cyber security should be an integral part of how companies manage their corporate risk.
In his closing remarks Andrew Miller MP commented on the next generation of the UK workforce and observed “the missing link is in education; technical and practical skills and behavioural change need to be taught and embedded in the education process. We need to shift the dynamics so young people grow up knowing how to protect their own work and are used to working in that way.”