As costs of cyber-attacks increase, UK government sets up CERT-UK


Rising cyber-attacks and cybercrime are a growing cost to UK business and, according to the latest PwC/Department of Business, Innovation and skills Information security breach survey, the cost of security breaches for small business are now between £3,500 and £7,000 – a tenfold increase on 2013.

The findings come on the heels of a speech by Francis Maude MP at the end of March 2014 when, at the launch of the Computer Emergency Response Team (CERT-UK), he stated that 93% of large corporations have experienced a breach over the past financial year.

Cyber-attacks are increasing in size and cost

“The average cost of each one is somewhere between £450,000 and £850,000, although we know of one London-based company which lost £800 million worth of revenue because of an attack”, says Maude.

In an interview with Business Technology magazine, Maude states:
“The pace of change is extremely fast and as societal dependence on cyber systems and networks increases, so the opportunities for attackers to cause real harm will continue to increase.”

With the advent of digital communication, businesses and government alike are being encouraged to manage the risks associated with new technology. This is where CERT-UK, which will be led by Chris Gibson the former director of e-crime at Citigroup, will be stepping in.

CERT-UK to combat cyber-attacks and mitigate cybercrime

CERT-UK will bring together expertise from across law enforcement, business, academia and government to respond to cyber-attacks of national significance.

What are the objectives of CERT-UK?

While the finer details have not been made public, Business Technology says:

“The first objective is cyber-situational awareness. The Cyber Information Sharing Partnership (CISP), which allows governments and business partners to exchanges material on threats and vulnerabilities, will be moved inside CERT-UK.

“The second is on forming relationships with other international partners, while the third is national incident management, which will involve working with various areas of critical national infrastructure to plan, exercise and raise awareness of incident management.”

But will this be enough?

A recent piece in the Economist says the cyber strategy’s overall funding – £860m over six years – “looks woeful in comparison with billions China and America have lavished on their cyber-defences.” The same report goes on to add that:
“And about three quarters of the moolah is snaffled by spooks and soldiers, who need not detail what they do with it (in March the army admitted abandoning an anti-hacking system it had spent £46m to produce). Some fear the cash is doing more to boost cyber-weapons and online snooping than aiding Britain’s businesses.”

Join Whitehall Media’s premier Government IT Security and Risk Management conference on 24 September 2014 and hear the latest insights, tools and technologies designed to help the UK public sector secure its information and infrastructure. To find out more and to register your place to attend, please visit: www.whitehallmedia.co.uk/govsec