The UK government has announced a £90m ($120m) injection into cybersecurity aiming to strengthen the nation’s cyber resilience.
Revealed at the UK National Cyber Security Centre’s (NCSC) annual CYBERUK conference on April 22, Dan Jarvis, the UK’s Minister for Security, said the funding would help provide support to small and medium sized businesses.
Javis said alongside this that, the government aims to help organizations implement the Cyber Essentials standard.
Last summer, quarterly certifications surpassed the 10,000 milestone for the first time. Speaking to media during CYBERUK, Jonathan Ellison, NCSC Director for National Resilience, said the uptake for Cyber Essentials in the last financial year was up around 20% compared to the previous.
He noted this is the best year the program has had but would like to see greater uptake.
Jarvis has also called for every major organization to sign a new Cyber Resilience Pledge which will be launched in the summer.
Businesses will be able to become signatories if they take three concrete actions to increase their security:
- Make cyber security a board-level responsibility
- Sign up to the National Cyber Security Centre’s free Early Warning service
- Require Essentials certification across their supply chains
While this government approach spears to be a valiant effort to push cybersecurity to those who need it most, some in the industry have been quick to criticize.
James Neilson, SVP of International at OPSWAT, said whilst the investment is “nice on paper and helpful for SMEs” it is “nowhere near enough” to address the scale of the problem.
“SMEs either have small security teams or none at all, so it’s not just a funding issue but also a knowledge issue,” he said.
Neilson advocated for the UK government to heavily invest in support and guidance.
Along similar lines, Trevor Dearing, director of critical infrastructure at Illumio, said, “What many small businesses lack is practical guidance on how to protect sensitive data and keep critical services running when incidents occur.”
Speaking to Infosecurity at CYBERUK, Jonathan Lee, Director of Cyber Strategy, TrendAI said, “I think the government and the NCSC are saying the right things, but we have to move from this position of gently encouraging organizations to do things, providing advice and guidance to providing some incentive for them to do so.”
Regarding incentives Lee noted that things like tax credits should be explored further.
“Let’s incentivize people to invest more in their resilience because ultimately, we’re told it’s a team sport and everyone needs to work together. If we can incentivize people to do that, that would be a good thing,” he said.
At the moment, UK businesses developing innovative technology cybersecurity solutions, including cybersecurity, can claim through Research and Development (R&D) tax relief to reduce Corporation Tax or receive cash payments.