UK urged to prioritise reform against cyber attack risks

Cyber experts are urging UK ministers to prioritise reforms in response to the underestimated threat of cyber attacks on national infrastructure.

The head of the National Cyber Security Centre (NCSC) is expected to warn in his first major speech about the risk to UK infrastructure.

Julian Hayes, Partner at BCL Solicitors, commented on the situation, "The cyber threat to the UK's critical national infrastructure has been starkly highlighted by NHS cyberattacks, as well as the recent debilitating assault on the British Library. The previous Government promised reforms to regulations protecting CNI but these did not materialise."

"Earlier this year, the new Government also announced plans to reinforce the UK's cybersecurity resilience, with a Bill set to be introduced in 2025. Today's urgent warning from the NCSC should spur Ministers on to prioritise these reforms to shield UK infrastructure and citizens from the indiscriminate assaults of hostile state actors and their proxies."

Will Richmond-Coggan, Partner at Freeths LLP specialising in data breach and cyber incident litigation, remarked, "Just as it is said that the easiest time to sell hurricane insurance is right after a hurricane strikes, so most businesses lack any real appreciation of the risk posed by cyber-attacks. Some labour under the mistaken belief that they are not the type of entity likely to be targeted, but many attacks are indiscriminate and opportunistic. Others invest in technology solutions without taking the time to train staff or explain to them why good cyber hygiene is important."

"When even an accidental incident like the CrowdStrike outage can cause such significant disruption, there is no excuse for even the most complacent businesses to be dismissive of these risks. Theft of assets or IP, reputations harm, breaches of customer contracts, regulatory intervention, and protracted and costly litigation are only some of the risks that every business that depends on computers and an internet connection ought to be preparing for."

James Castro-Edwards, Counsel at Arnold & Porter, highlighted, "Richard Horne, the head of GCHQ's National Cyber Security Centre will warn today that the UK is underestimating the severity of the online threat it faces from hostile nations and organised criminals. In the first major speech since his appointment in October, Horne is expected to warn, in light of a significant increase in serious cyber incidents in the last 12 months. The defence and resilience of critical infrastructure, supply chains, the public sector and our wider economy must improve."

"However, commentators have suggested that organisations are not listening. UK businesses, public authorities and charities should take heed and take action to address the increasing threat of serious cyberattacks, particularly ransomware attacks. Often, serious attacks arise from simple failings, such as an employee clicking on a malicious link, which could have been avoided through robust staff training."

Experts emphasise that the UK needs to address vulnerabilities through adequate reforms and training to mitigate potential cyber threats to its critical infrastructure and economy.