UK's £650m cyber security strategy 'failing SMEs'

The UK government's flagship £650 million National Cyber Security Programme has been accused by some of its private sector partners of lacking co-ordination and failing SMEs in the battle against the cyber threat.

The four-year programme, launched in Nov. 2011, started more than 40 initiatives last year, with around three-quarters of the £260 million spend going to the government's GCHQ spy surveillance centre and other intelligence and defence agencies.

This year, the programme has involved more government organisations than the core players of GCHQ and CPNI (the Centre for the Protection of National Infrastructure) – including BIS, UK Trade & Investment, the Foreign Office, OCSIA and even the Territorial Army. But this has produced a backlash from the private sector companies increasingly being enrolled to help deliver the programme.

“There are too many people involved and there isn't a great deal of co-ordination,” said one private-sector source, who did not wish to be named.

“Departments such as BIS, UK Trade & Investment, the Foreign Office and OCSIA are talking to the private sector about cyber security and they don't all have the specialist knowledge to know the best advice they should be giving. I think it's confusing to companies,” the source said.

“Already companies are having to try and have a GCHQ relationship and a CPNI relationship – because the co-ordination between the two of them isn't perfect by a long chalk,” the source said. He believes it's tough enough for big companies with many relationships with government. “It is even tougher though for small companies who do not have the contacts in the right parts of government to get help.”

David Garfield, managing director of cyber security at BAE Systems Detica, which helped pilot the programme's latest cyber incident response scheme, said: “It is a complex domain and has necessarily involved lots of different partners across government to try and be involved in that response. Because it is big and complex, I think there is a challenge in co-ordinating and making that coherent. I think what we're seeing is becoming increasingly coherent and there is more co-ordination going on.”

Meanwhile, Etay Maor, fraud prevention manager at IBM-owned cyber crime prevention specialist Trusteer, criticises the lack of information-sharing that private-sector cyber specialists are getting from their government partners. He provides information, he said, but rarely hears back from the government. “A lot of people feel it is a one-way street.”

Other experts voice concerns about the government's failure to help SMEs prevent cyber attacks and data breaches.

For example, Steve Durbin, global vice president of the nonprofit Information Security Forum – whose members include the government's own Cabinet Office – said he'd like to see an increased focus on the need for resilience and raising awareness on providing guidance for small businesses.

“I'm thinking in particular about issues around storage of data, whether that be in the cloud, for instance, or on personal devices. Both of those are exceptionally attractive to the small to medium enterprise because of the cost, and yet they also have inherent issues from the security standpoint that I'm not sure all business leaders are aware of. So we need a lot more effort to raise the level of awareness in that space.”

Other experts see some gains while expressing concern for priorities. Mark Sparshott, EMEA channels director at security-as-a-service provider Proofpoint, said: “It is encouraging to see a government that appears to understand the scale of the challenge our nation faces. However it is disappointing to see more emphasis on investment in investigating and accurately recording the number of incidences of cyber crime rather than providing practical advice to businesses and individuals on how to implement security best practice.

“The best-practice knowledge and technologies to combat the vast majority of cyber crime exist today. However the awareness within consumers and business (particularly small and medium businesses) is distinctly lacking, and so this is one area of ‘prevention’ that all governments need to focus more time and investment on.”

One planned 2013 government initiative will provide targeted cyber threat information and advice for SMEs, but this has not yet materialised.
