The Chancellor George Osborne has warned that it is increasingly difficult to protect UK business from cyber-attack, and that terror groups like ISIS are becoming ever more capable of doing damage on the internet. In a speech at GCHQ last month, when he announced £1.8 billion of extra money for cyber-security, he said there were limits to what government could achieve on its own. He said the extra investment would give companies the tools they need to stay safe from cyber-attack, but that industry had to do more as well.
“Companies need to protect their own networks, and harden themselves against cyber-attack.
The starting point must be that every British company is a target, that every British network will be attacked, and that cyber-crime is not something that happens to other people,” he said.
“At the heart of cyber-security is a painful asymmetry between attack and defence. It is easier and cheaper to attack a network than it is to defend it. And the truth is that this asymmetry is growing.
“A few years ago mounting a sophisticated cyber-attack meant having all the skills that each stage of the attack required, from gaining access to the network to designing the payload that was to go into it. But in the past few years, an on-line market-place has developed, which means all the elements of an attack can now be bought and assembled from the computer of anyone with the money to pay for it.
“The barriers to entry are coming right down, and so the task of the defenders is becoming harder. All of this is reflected in the cyber breaches that we see reported with increasing frequency and increasing severity.”
Airmic said the Chancellor’s comments would be welcomed by risk managers, especially news of the extra investment in cyber-security.
“We know from our own research that cyber-security is near the very top of member priorities,” said technical director Julia Graham. “We shall be monitoring what difference the extra government funding will make in practice and how companies can use it to support their own cyber-security efforts.”
Airmic is currently carrying out its own work on cyber-security and with a view to unveiling the first results in 2016.