UK cybersecurity policies are outdated, says Illumio Director; will Rishi Sunak address the problem?

Rishi Sunak’s new government has a long list of challenges ahead, but his appointment does create new hope to bring about change in the UK business landscape, especially in terms of UK cybersecurity, digital and cyber infrastructure. The new PM will be responsible for keeping the economy afloat whilst also bringing more positive changes to the country.

Cybersecurity amid a global economic crisis…

We are in the middle of a global economic crisis driven by energy shortages and soaring costs of living. While some may rank cybersecurity below other issues, the rising threat is harming UK businesses and citizens, which in turn is weighing significantly on the economy. In fact, the UK is now the third most targeted country (behind the US and Ukraine), and ransomware is now dominating discussions at the government’s recent COBRA meetings.

The median cost of cyberattacks in the UK has also risen by 29% this year, with an average attack costing UK businesses nearly £25,000. Legacy regulations and compliance practices are no longer enough amid increasingly sophisticated threats. If security practices and policies don’t evolve rapidly, businesses will likely face catastrophic consequences in an already hostile economic market.

The new leadership can offer the potential for a fresh approach. So, what opportunities can businesses expect with the new government regarding security regulations and compliance?

Why is UK cybersecurity lagging behind the US?

Compared to its biggest ally, the United States, the UK has ground to make up when it comes to national security advice and strategies. Traditionally, the UK followed the EU’s guidance for security regulations and data governance. However, the shuffling caused by Brexit has slowed down the pace of security strategising on a national level.

With the recent election of a new government, the country has an opportunity to rethink and align its security guidelines with current industry standards. In the US, the federal government lays out a lot of the compliance and regulatory framework, which serves as the building block for most organisations’ security practices.

We want to see the UK government follow in a similar fashion. For example, the Biden Administration was one of the first governments to incorporate Zero Trust as a part of its national cybersecurity strategy. Zero Trust is a proactive security framework that requires all users, whether inside or outside the enterprise network, to be authenticated, authorised, and continuously validated before granting any access request. It’s a robust strategy that is underpinned by an ‘assume breach’ mentality – whereby the focus switches from simply preventing attacks to stopping the spread of breaches and minimising their impact.

The changes in the cabinet have diminished the sustainable growth of cybersecurity in the UK. Consequently, the country is playing catch up with the rest of the western world. So, if the new government brings more stability, we might see the UK gain significant traction and introduce more effective policies that can make its industries more resilient to the current onslaught of cyberattacks.

How cybersecurity plays a pivotal role in ongoing global crises

Threats like ransomware take significant sums from the country’s economy every year, and this cost is only increasing. With interest rates and operational costs rising across industries, businesses cannot afford to lose a significant portion of their assets to continual cyberattacks. The government must ensure cybersecurity is considered a priority as part of its effort to support businesses during the ongoing economic crisis.

As governments focus on controlling inflation and solving the disparity in energy supply and demand, the threat actors are utilising this distraction to target critical national infrastructure (CNI). This is evident from the increase in supply chain and ransomware attacks on CNI organisations throughout this year.

At a time when power supplies are running low and the healthcare sector is suffering from an overwhelming shortage of staff, any successful attack on such industries can cripple the economy and damage social mobility. The infamous WannaCry ransomware attack on the NHS in 2017 cost the UK economy over £10 million in one day and critically jeopardised the health of hundreds. If attacks on CNI organisations keep rising at the current rate, we are bound to see similar incidents again.

That’s why the UK government needs to apply an equal focus to cybersecurity and ensure that its CNI sectors become more resilient to the growing digital threats. Such organisations must adopt policies and equip themselves with proper cyber resources to defend against threats proactively and mitigate the damages even if a breach does occur.

Will the UK cybersecurity industry gain traction with the new government?

The new cabinet brings a lot of significant changes that can be positive for cybersecurity.

We are seeing a new Secretary of State for DCMS (Digital, Culture, Media and Sport), which could bring a new security-focused vision to the public sector.

Also, the new PM Rishi Sunak has an extensive background in the finance sector, an industry that faces high risks from sophisticated attacks. In 2022, nearly 63% of financial institutions recorded a spike in destructive attacks. The new PM will likely be well aware of the threats facing this critical industry, and I hope to see more skilled and experienced leaders appointed to take charge of the nation’s cyber initiatives.

UK cybersecurity must follow in the footsteps of US innovation

The new government has also emerged with a promise to bring innovation to the front of the UK’s national progression. For me, what I would like to see is the UK follow in the footsteps of the US and incorporate Zero Trust as a part of their guidance and advice to UK organisations.

Almost every damaging cyberattack includes privileged account compromise. As a proactive strategy, Zero Trust eliminates implicit trust within a network and validates user identities at every stage of digital interaction. In our latest research, 81% of the Zero Trust Segmentation Pioneers (i.e. those with the greatest Zero Trust Segmentation maturity) stated their investment in this strategic solution was critical in preventing breaches from becoming cyber disasters. By communicating or mandating the urgent adoption of this strategy, the government can boost cyber resilience for businesses across all industries – and consequently uplift the falling economy.

As every new government assesses ongoing business and economic needs, Zero Trust should be front and centre of security-based discussions. There is a big opportunity for the new government to reassess and update the guidance and regulations for businesses of all sizes across all industries to reflect resilient cybersecurity practices.

Security leaders and professionals expect the new government to bring the much-needed pace into the national cybersecurity agenda. We want the government to play a more prominent role in increasing security awareness and promoting proactive strategies. This would significantly benefit small and medium businesses, which often don’t have sufficient resources or guidelines to build resilience to cyberattacks.

Overall, I hope to see the new government collaborate more effectively with the public and private sectors to improve the nation’s security preparedness and foster cyber resilience across industries. The new government must leverage the experience, expertise, and influence of the private sector to drive more innovative cybersecurity policies across the entire economy.


Written by Adam Brady, Director, Systems Engineering, EMEA at Illumio

