Raising awareness not only among the public, but within businesses, about cyber security is crucial for the future of industry.
James Quinault CBE, director of the Office of Cyber Security and Information Assurance at the Cabinet Office, thanked the National Security conference in London for "giving time to cyber" after the UK government ranked it as a tier one threat.
However Quinault said that there is a problem of too much UK intellectual property getting stolen and the government sees this as a security issue in its own right, as too much loss can damage innovation.
“The sad thing is if people did the basic things and used tools and techniques that are readily available now [it would minimise that loss]; so we need to get the message out that this should be looked at by the board level and not just IT departments,” he said.
“It is all very important with this outreach activity, and we need to keep going on it, but until people feel that you can make money by being good at this and that you lose money by being bad at it, and the fall where you are taken to the cleaners by some massive attack, I don't think people will invest as much as they should.”
Quinault said that the priority going forward should be the market mechanisms to make it worthwhile to be secure, and the main initiative should be a badge of honour to prove security. “It is not for government to write the standard, but government has a role to play to get them to take off in the marketplace,” he said.
Asked about board responsibility on cyber leadership, Quinault said that while government felt that there should be a senior information risk management representative on the board, it was up to all board members to understand the key information assets in their company, and how they are protected.
“We must not expect people to be technical ninjas to get this, in a way that could be unhelpful because at root this is a not a technical issue, as it is fundamentally about what is important to your company in terms of data and information and how keep your company open and flexible while protecting those crown jewels,” he said.
Earlier he announced that the recent spending review by the Chancellor has given an extra £210 million, on top of the £650 million allocated in 2010. Quinault said that this will help continue the Cyber Security Strategy programme into 2015/2016.
In terms of how the money will be spent, he said it was about: building sovereign capability to detect and defeat high-end threats; working with companies that run and manage our critical national infrastructure; making sure to pool best practice within industry so it is a genuine national response; raising awareness about the problem; investing in skills to keep pace with the problem; and working with international partners to determine laws in cyber space.
He went on to talk about areas of increase for government in internet security, including a three-fold increase in staffing at the Police e-crime unit.
He said: “What is the priority for this? It is taking it to the next level with the creation of the National Crime Agency, which the government is determined should be more than the sum of its parts. Cyber will be one of the key pillars of the new agency and it should give us a platform to join our effort with our international partners and go after the bad guys, and persuade them that it doesn't make good business sense to target UK firms and individuals.”