This year’s UK National Cyber Strategy outlined a comprehensive five-pillar plan for tackling cybersecurity. It’s a positive step, and hopefully a catalyst for collective efforts to combat cyberattacks and increase the UK’s overall capability and brand in this area. But does it go far enough?

THE STATE OF CYBERSECURITY TODAY

Nowadays, cybersecurity is on the agenda for every single business, irrespective of size or vertical. And, with remote and hybrid work staying with us, organizations of all sizes are re-evaluating their risk management and defensive strategies. According to a new poll by the Institute of Directors (IoD), covered in The Times, over 50% of business leaders believe that there is an increased risk of cyberattacks against their organizations. The Financial Times highlights the true extent of this with data from the UK’s Department for Digital, Culture, Media and Sport showing that 75% of large firms, 74% of medium firms, and 61% of small firms have sought cybersecurity threat guidance in the last 12 months.

THE UK NATIONAL CYBER STRATEGY

The latest UK National Cyber Strategy defines the plan for the UK to better defend its interests from attacks, become more resilient, and build the skills needed across the workforce to enable a thriving and innovative technology and service capability. The strategy looks at what our part should be in ensuring that as the connected world evolves and becomes ever more pervasive, it remains open but with individual and group risks managed to an acceptable level—security without heavy-handed regulation or censorship. And, crucially, it recognizes that we must collaborate with our partners to achieve these things. The importance of working together as global citizens is a core thread that runs through it.

THE FIVE PILLARS

Pillar 1: Strengthening the UK Cyber Ecosystem

This is the most important pillar for me. Why? It is about building capability by investing in research, business, and our workforce to drive everything from better risk management and defenses to innovation and growth. The key is the workforce: we need the right skill sets to be more resilient and to better secure our personal, business, and research interests. Without the right skill sets, companies aren’t going to be able to innovate, develop new technology and services that improve capability, or grow our global reputation in this area. It’s the skill sets we build within our workforce that will enable us to be successful.

Pillar 2: Building a Resilient and Prosperous Digital UK

Reducing risk to individuals and businesses is paramount as the connected world becomes ever more pervasive. What’s vital is getting everyone to invest personally in why changes are made and new measures put in place. Fostering a better standard of risk awareness and management is the way forward, ideally without an onerous accreditation or compliance framework. There have to be rules and regulations, but the value of what is being done must be front and center so that everyone is engaged (and we don’t end up ticking boxes for the sake of it). Organizations need people to appreciate the why, not the what. And we mustn’t just focus on large businesses, as we all know small businesses are a supply chain risk and are exploited due to their relative lack of capability; advice has to be actionable for every business, not just ones with thousands of employees.

Pillar 3: Taking the Lead in the Technologies Vital to Cyber Power

This one sounds good, but to me, there could be more detail around the execution of this. It would be great to take more of a lead in this area, and it comes down to investment in research, businesses, and skill sets (again). We need to ensure we have the right incentives in place for us to succeed here, but also some mechanisms for measuring the success, and value, of any incentives put in place.

Pillar 4: Advancing UK Global Leadership and Influence for a More Secure, Prosperous, and Open International Order

This pillar acknowledges that to succeed, we need global partnerships and alliances from like-minded countries to create an open, connected world for everyone—a world where risks, and those who misuse information, are collectively managed. The focus on the strengthening of these relationships makes this a hugely important pillar in building the prosperity of British business and the UK as a whole.

Pillar 5: Detecting, Disrupting, and Deterring our Adversaries to Enhance UK Security In and Through Cyberspace

The last pillar covers the continued investment in both defensive and offensive capability to keep the UK and its interests better protected—and the broader connected world a safer place. No one can argue that this is needed, but it will require alignment with partners to have a broader impact. Within the UK, the NCSC is already pushing information down into enterprises of all shapes and sizes to help them better prepare for and manage threats, and this is making a difference.

EXAMINING THE STRATEGY: ENTERPRISES AND THE INDUSTRY

Overall, I think the strategy is solid. For me, it would be helpful to get more insight into what the third pillar means, as developing our capabilities, technology, services, and people—with partners—is critical to our growth. However, that could be a ‘how-long-is-a-piece-of-string’ type of question. Which technologies? There are hundreds. Which services? There are thousands. It’s hard to be specific. But I think some more detail would be useful as we move forward to help align public and private sector investment strategies.

INVESTING IN THE UK’S TALENT

The plan offers support for investment in key technologies and skills that should help businesses embrace technology, up-skill their employees, and innovate. But what I’d like to understand more is how the success or failure of the key elements of the strategy is to be measured as we move forward.

Darren is CTO for Security at NETSCOUT, which helps assure digital business services against disruptions.