Keir Starmer is being pressured by cyber experts to urgently prioritize new legislation to protect the UK against attacks and catastrophic system failures.
A report from the Chartered Institute of IT (BCS) listed a series of recommendations after the last month saw more concerns about Russian cyberattacks on the UK linked to disinformation about the Southport attack, and a major disruption that brought down planes, trains, hospitals, broadcasters and countless businesses.
The government listed the Cyber Security and Resilience Bill in the King’s Speech but there are fears that it is not a sufficient priority.
BCS recommendations include requiring companies’ boards of directors to include a member who will be responsible for the company’s cybersecurity.
It also wants to see a new cybersecurity code of practice with mandatory requirements for reporting breaches.
It wants companies to be forced to invest more in cybersecurity workforces, ensure resilience is part of their business plans and have more monitoring to detect problems.
The BCS called on the government to create a support unit for small and medium-sized businesses.
Rashik Parmar, chief executive of BCS, said: “The cost of cybercrime to the UK economy runs into billions of pounds each year.
He highlighted the Crowdstrike outage caused by a Microsoft update that caused chaos in the UK and around the world with computer systems failing.
Parmar said: “The recent cyberattack on the NHS in London and the outage of Crowdstrike IT was a wake-up call. Lives are at stake and we must ensure our systems are secure and resilient by default, not as an afterthought.”
He added: “We need to have transparency from the tech giants who have such a huge impact on our everyday lives. We must also have a government that clearly recognizes the importance of cybersecurity being integrated into the DNA of our national infrastructure.”
The call came after the former Minister of Security Stephen McPartland pointed the finger at Russia for using social media teams and bots to spread the discontent that led to the recent riot by far-right activists in Southport following the murder of three girls and the stabbing of seven others.
Mr McPartland carried out a review in cyber security and resilience in the UK, which Rishi Sunak’s government was unable to implement due to the early election.
But he stressed it was available for the new Labor government to use with recommendations including getting big companies to share intelligence and support systems.
The issue was highlighted in a letter to the The Independent by Ross Burley, co-founder and executive director of the Center for Information Resilience.
He said: “The Center for Information Resilience has consistently highlighted the tactics used by state actors like Russia to spread disinformation and manipulate public opinion – including through support for the far right. Their work, especially on projects such as Eyes on Russia, demonstrates the importance of verifying information and combating false narratives that seek to undermine social cohesion and democratic processes.
“We must collectively prioritize developing greater cyber resilience and media literacy. This includes educating the public on how to critically evaluate the information they find online and holding social media platforms accountable for the content they allow to proliferate.
“Our response must be proactive and comprehensive. It is imperative that the government, technology companies and civil society organizations work together to combat disinformation. This collaborative approach is essential not only to prevent incidents like the Southport riots, but also to safeguard our democratic values against malicious interference.”
A spokesperson for the Department of Science, Innovation and Technology said: “This government is committed to delivering economic stability by making our public services more resilient to cyber threats – including from foreign countries such as Russia and China.
“That’s why, in the King’s Speech, we unveiled the Cyber Security and Resilience Act, which requires providers of essential infrastructure and digital services to protect their supply chains against attacks.”
The DSIT said the bill will put regulators in a stronger position and require broader reporting of cyber incidents, including when organizations are held to ransom, so that we can better understand and address vulnerabilities across the economy and society.
