Parliament committee attacks UK government’s ‘shambolic’ cyber strategy

Only days after the former head of the UK’s National Cyber Security Centre (NCSC) called on his country to criminalise ransomware payments, the Joint Committee on the National Security Strategy has accused the government of adopting an “ostrich strategy” for national cybersecurity. The committee has also criticised the government for ignoring the ongoing rise in cyber insurance claims, which has made cover increasingly unaffordable for many UK businesses and therefore needs market intervention. “The government does not acknowledge how unaffordable the insurance market can be for some cyberattack victims – local authorities and small companies are among the notable examples – and the government does not agree that public intervention in this market is necessary. It instead suggests that the roll out of the National Cyber Strategy should begin to reduce claims and therefore lower premiums, despite the committee’s report highlighting both the rapid recent growth of costly cyber-attacks and the government’s lack of understanding of the frequency and type of attacks that are actually occurring, or how often or what amounts of ransoms are being paid,” stated the committee this week. The harsh words followed the UK government’s response to the committee’s year-long inquiry into ransomware, which was published in December. Commenting on the government’s response, the chair of the JCNSS expressed the committee’s ongoing and “deep” concerns that government short-termism and lack of preparation and planning are leaving the UK wide open to a severely damaging ransomware attack. It said the consequences would vary from ongoing damage to the economy and productivity to the real possibility of a national emergency. Dame Margaret Beckett MP, chair of the committee, said: “Perhaps it is not surprising that government is not focused on preparing for the acknowledged, extremely high risk of a destructive and ruinously costly cyberattack on the UK. Despite its place at the top of the UK’s national risk register for years, our national response to the pandemic when it inevitably hit could fairly be categorised as shambolic.” “In this response to our ransomware report, it is ever clearer that government does not know the extent or costs of cyberattacks across the country – though we’re the third-most cyberattacked country in the world – nor does it have any intention of commensurately upping the stakes or resources in response.” “If the government insists on operating the ostrich strategy for national cybersecurity – based on legislation made before the internet arrived, centered on a department that seems to have difficulty mustering much interest in the issue, and in stark contrast to the cyberattackers, who are so fantastically well-coordinated and resourced – where is the pro-active national security response to protect the UK supposed to come from?” added Beckett. Adding: “The UK is and will remain exposed and unprepared if it continues this approach to tackling ransomware. This response from the government is not the assurance the committee sought or that the country needs, and all the responsible and coordinating departments would benefit from going away and reconsidering how the UK is to defend against this most pernicious threat.” Following this government response, the committee said it will continue to monitor and follow up on issues raised in its report, especially where “well-founded” recommendations to enhance critical elements of national security have been rejected “out of hand”. It will also encourage the successor committee, appointed after the upcoming UK general election, to continue to follow up and monitor progress against this report’s recommendations. The committee noted that the government continues to insist that all is well with UK cyber regulation, despite the fact regulators say limitations in their capabilities and the regulations themselves are preventing some from making full use of powers they do have. It noted that 42% of operators of essential services don’t feel they have the skills and capacity to deliver their obligations under the NIS Regulations. “After a painfully delayed consultation, the UK still continues to rely on an act of parliament created before the advent of the internet itself as its main legislative tool against cybercrime,” said the committee. The committee said it will continue to monitor whether government work leads to better cyber and ransomware attack reporting that might begin to fill gaps in government knowledge and improve strategic responses. It said it has heard “worrying evidence” of exactly how unprepared and unsupported UK local authorities are for cyberattacks that could cripple or temporarily cease essential local services. It believes that the government is fully aware of this situation. “But there is nothing in the response to address or assuage those concerns, there is no offer to counter the lack of resourcing and skills at local level, no offer of enhanced help for the responsible authorities or the populations that would be affected,” said the committee.

Parliament committee attacks UK government’s ‘shambolic’ cyber strategy

Intervention likely needed as cyber insurance premiums spiral

Want to read this article?

Read Next

AstraZeneca places innovative outcomes based policy that covers interconnected risks

40% of ESG investment funds in Europe accused of greenwashing

Talanx brings forward targets in new sustainability strategy

German insurers brace for rising fraud cases

FM Global reveals record $1.4bn renewal credits

AstraZeneca places innovative outcomes based policy that covers interconnected risks

40% of ESG investment funds in Europe accused of greenwashing

Talanx brings forward targets in new sustainability strategy

German insurers brace for rising fraud cases

FM Global reveals record $1.4bn renewal credits

Want to read this article?

Read Next

AstraZeneca places innovative outcomes based policy that covers interconnected risks

40% of ESG investment funds in Europe accused of greenwashing

Talanx brings forward targets in new sustainability strategy

German insurers brace for rising fraud cases

FM Global reveals record $1.4bn renewal credits

Related Articles