UK cyber security skills gap persists: NAO

A National Audit Office review of the UK government’s strategy for cyber security indicates a concern over the lack of skills needed to fight the persistent threat of cyber crime. The NAO review identifies several additional challenges faced by the government in implementing its strategy. These include the need to influence industry to protect and promote itself and UK plc; to increase awareness so that people are not the weakest link; to tackle cyber crime and enforce the law; and to encourage more agile and joined-up thinking in government.

The cost of cyber crime to the UK is currently estimated to be between £18 billion and £27 billion. Business, government and the public must therefore be constantly alert to the level of risk if they are to succeed in detecting and resisting the threat of cyber attack.

The UK Cyber Security Strategy, published in November 2011, set out how the government planned to deliver the National Cyber Security Programme through to 2015, committing £650 million of additional funding. The strategy placed greater emphasis on the role of the public and industry in helping secure the UK against attacks and also the opportunities to UK business from a growing market in cyber security.

Among progress reported so far, the Serious Organised Crime Agency has repatriated more than 2.3 million items of compromised card payment details to the financial sector in the UK and internationally since 2011, preventing a potential economic loss of more than £500 million. In the past year, moreover, the public made more than 46,000 reports of cyber crime to Action Fraud, amounting to £292 million worth of attempted fraud.

The NAO recognises, in particular, that there are some challenges in establishing the value for money of the cyber security strategy. There is the conceptual problem that, if cyber attacks do not occur, it will be difficult to establish the extent to which that was down to the success of the strategy. There is also the challenge of determining the relative contribution to overall success or otherwise of different components of the strategy. And there is the challenge of assigning a value to the overall outcome, to set against the cost of the strategy. The government has work underway to measure the benefits of the strategy.

Amyas Morse, head of the National Audit Office, commented: "The threat to cyber security is persistent and continually evolving. Business, government and the public must constantly be alert to the level of risk if they are to succeed in detecting and resisting the threat of cyber attack.

"It is good that the government has articulated what success would look like at the end of the programme. It is crucial, in addition, that progress towards that point is in some form capable of being measured and value for money assessed."

The report is designed to set the scene in an area likely to be of continuing interest to the Committee of Public Accounts. Although the committee has not specifically examined the issue of cyber security, it raised concerns about cyber security in relation to the government’s plans for smart meters, which will enable energy suppliers to collect meter readings over the internet, as well as pointing to a lack of detail on cyber security plans in the government’s 2011 ICT strategy.
