UK companies urged to step up cyber protections

Cyber Minister Viscount Camrose is calling on companies to ramp up their cyber protections as new figures show the majority of larger UK businesses have fallen victim to a cyber security incident over the last 12 months. 

Published today (20^th March) the government findings reveal 75% of medium and large businesses and 79% of high-income charities experienced some form of cyber security incident in the last year, making the need for greater action to shore up their defences more pressing than ever before.

• Figures from the third phase of a review into cyber security, which started in 2022, show businesses and charities have improved their cyber resilience since the first year of the study.
• However, in order keep pace with the growth of the cyber landscape in the UK, Viscount Camrose is now urging them to introduce more robust safeguards to help address fast emerging cyber risks, as organisations continue to present a target for online criminals.
• Other steps organisations are being urged to take include putting detailed plans in place to respond to and recover from cyber incidents, and equipping employees with adequate skills and awareness of cyber issues - giving them the tools they need to protect themselves from online threats.
• The results are part of the third iteration of the Cyber Security Longitudinal Survey, an ongoing study which explores the readiness of organisations to tackle cyber security threats. 
• The government has a longstanding history of working shoulder-to-shoulder with industry to tackle cyber threats. The recently published Cyber Governance Code of Practice, designed in partnership with the National Cyber Security Centre (NCSC), will help business leaders toughen up their cyber protections, setting out key actions for Directors to take such as making sure companies have detailed plans in place to respond to and recover from any cyber incidents. 
• The government has also established the Cyber Essentials scheme, a certification system which provides organisations with basic controls they should have in place to become cyber resilient. Over the past year, the government has awarded nearly 40,000 of these certificates.
• Through this scheme, organisations can demonstrate the vital cyber security controls they have in place, such as effectively managing security updates, having suitable anti-virus software, and removing default passwords.  
• New professional qualifications from the UK Cyber Security Council and DSIT’s advanced digital skills campaign are also driving up levels of cyber skills across the economy, ensuring businesses have the in-house expertise to protect their operations.  
• Tackling the threat of cyber attacks and bolstering defences for workers and people across the country is one of the government’s enduring priorities. From 29 April, a raft of new measures will introduce world-first protections for consumers with connectable products, covering everything from smart TVs and doorbells to games consoles and printers. This month, the government provided new guidance to help local authorities inform their communities on how to protect themselves from cyber-threats.  
• New regulations through the Product Security and Telecommunications Infrastructure (PSTI) Act will ban default and easily guessable passwords, increase manufacturer transparency over a product’s security update period, and introduce a new process for reporting any bugs in devices.  

Viscount Camrose, Minister for Cyber, said: 

“The UK is making remarkable progress in cementing our status as a key global player in cyber. Our cyber sector continues to generate unprecedented employment and business opportunities, but we know that there are still a host of challenges and risks that we cannot ignore.

“This is why I am calling on organisations of all sizes to step up their cyber security plans to guard against threats, protect their customers and workforce, and our wider economy. 

“We are working shoulder to shoulder with industry to ensure organisations have a robust plan of action to tackle these threats head-on. From a Code to help leaders toughen up cyber protections to up-skilling the workforce so businesses have in-house expertise, these government-backed measures can support organisations to safely unlock the potential digital technologies offer.”