A Bizarre Vacuum in the 2016 UK Budget
Cyber Security – It’s something of a Hot Topic
Month after month, year after year, recently it seems that the state of global cyber security is always, consistently, making headlines. Everybody is talking about it. Well, almost everybody. Last week George Osborne, the UK Chancellor of the Exchequer, delivered his 2016 Budget and, somehow, he managed to talk for just over an hour without mentioning cyber security once.
Which is really quite strange…
…when you consider that only back in November the same man gave a 45-minute speech in which he used the word “cyber” no less than 134 times. And make no mistake, the message back then was certainly pertinent to this year’s Budget, and one that we had every reason to expect to hear either supported or explicitly revoked in the Budget Speech. You see, Osborne declared back then that he planned to double cyber security spending, to £1.9 billion over the following five years.
…when you hear, only two days after the Budget, the Minister for the Cabinet Office and Paymaster General, Matt Hancock, confirming that the UK’s new National Cyber Security Centre, also announced by the Chancellor in his November speech, will open in London in October. This year. One can only assume that this will not be free.
…when you realise that the Budget was delivered literally the day after the Government’s controversial Investigatory Powers Bill (IPB) received its Second Reading in the House of Commons, amid reiterated concerns by industry experts and trade bodies. Concerns that it is still not workable, that controls over how it will be used remain unsatisfactory, and that the current bill simply “does not do what the Home Office says it does”.
…when I tell you that The Rt Hon Matt Hancock MP also gave a speech, just two weeks before the Budget, at the Institute of Directors. A speech in which he said, “It’s not just soldiers, sailors, airmen, and policemen we need to protect our assets and livelihoods today. Today a line of code can ruin lives just as any bomb or bullet” and concluded “So let’s work together to recognise the challenges we face, respond energetically to them, and make sure we have the capability to reap the rewards of the cyber revolution.”
In other news
I may have said “month after month, year after year” a few paragraphs ago, but let us just concentrate on headlines published within the three weeks prior to the Budget. The message, I think, is pretty clear.
The Independent wrote on 25 February that “Over half of British businesses to suffer cyber attacks by 2018,” referring to PwC’s latest highly respected Global Economic Crime Survey, and adding that “A third of UK organisations admitted they have no response plan” and, remember this last one for just a moment, “Cybercrime climbs to 2nd most reported fraud in 2016”.
Meanwhile, as if in response to that last point, Forbes claim on 2 March “U.K. Study Reveals Serious Underreporting Of Cyber Attacks By Business”, telling us that “companies are keeping quiet even though half (49%) of attacks have resulted in the interruption of business operations”. So not only is cybercrime now the 2nd most reported fraud, but that’s in spite of the fact that “Under one-third (28%) of cyber attacks are being reported to the police”. Just take that in for a few seconds before we move on.
Not to be left out, the BBC reported on 29 February about a highly sophisticated 6 month operation to hack into Ukraine’s electricity network and cause a blackout. Believed to be the first successful cyber-attack on an electricity distribution network, it was noted that there was nothing stopping the attackers shutting off power to a much wider area than they did, and has been described as “a shot across the bows” – with no reason to believe that the UK is safe from a similar attack, “given sufficient sophistication and funding”.
I could go on, but I will make this the last – The Telegraph published a piece on 15 March, again just the day before the Budget, the gist of which was that “Telecoms companies are the most vulnerable businesses in Britain to cyber attacks, yet spend the least on defending themselves against hackers”. Quotes include “More than half of telecoms bosses who took part in the survey believed their company would experience a “significant breach” within a year’s time” and “Bosses know it is a risk but are uncertain in their approach, often failing to prioritise spending on cyber security.”
The Problem has not gone away
Indeed, it has been said about cybercrime that “we are not only losing lots of battles, but the war as well”.
So why does it appear that, this year, Mr Osborne has decided he is going to ignore it?