Below is the text of the speech made by Matt Hancock, the Minister for the Cabinet Office and Paymaster General, at the Institute of Directors in London on 3 March 2016.
It’s incredibly fitting that we’re meeting today in this wonderful building, with its rich history. Until 1978 this was home to the United Service Club for senior military personnel – who 75 years ago were defending our homes, businesses and way of life against foreign aggressors.
I’m told Ian Fleming was a regular here while he served, and I can’t help but think of a line from the new cyber-savvy Q in Skyfall:
I can do more damage on my laptop sitting in my pyjamas before my first cup of Earl Grey than you can do in a year in the field.
I’m glad to see you all made it out of your pyjamas this morning. But Q had a point. It’s not just soldiers, sailors, airmen, and policemen we need to protect our assets and livelihoods today. Today a line of code can ruin lives just as any bomb or bullet.
In a digital, interconnected world, we need the involvement of everyone in society to keep that society safe – particularly the leaders of the business world.
Much of our critical national infrastructure is in your hands, critical infrastructure like our energy and water supplies, our transport system and our phones.
And it goes beyond that, increasingly to our e-mail and social media correspondence, even our credit card details and online accounts.
With the advent of smart products and intelligent environments, this smart world already includes my watch, and one day soon perhaps my fridge or my car.
If the predictions are true and 200 billion smart devices exist in the world in 2020, we are going to rely hugely on the private sector to keep us safe in cyberspace.
In protecting this infrastructure the interests of government and business align. We are all invested in the success of the digital economy and we all have a shared responsibility to keep it secure.
It’s the duty of government to keep people safe. We will play our part, but in the war against cybercrime, you’re the Home Guard.
That job boils down to 3 imperatives: recognition, response, and reward. We need to recognise the scale of the challenge. We need to respond to it. And we need to reap the rewards of the digital revolution.
We’re moving away from the 20th century all-encompassing state to a smart government you can hold in the palm of your hand.
We’re uploading the state, and have one of the most digitally advanced governments in the world.
That enables us to provide targeted and bespoke services driven by real people, not Whitehall diktat. That opportunity can’t be ignored.
But as we move more services and operations online the range of potential targets increases. Our mission to deliver better services for citizens is entirely dependent on our ability to protect our networks, users and data.
And so is yours. If people don’t think the information you’re storing online is safe, that’s a business risk. They expect you to get it right.
Financial loss can be measured and insured against, but the trust your customers and suppliers place in you cannot.
As one of the most advanced digital economies in the world, with 12.5% of our economy now online, we’re in a unique position to benefit from digital. But that makes us uniquely vulnerable to cyber attack too.
Ninety percent of large businesses and 74% of SMEs reported a breach in the past year. The average cost for a severe breach is nearly £1.5 million at a minimum for big firms. For SMEs it’s over £300,000.
Last summer GCHQ responded to twice as many incidents against networks of national significance as in the same period the year before – and the figure is rising rapidly.
The volume and sophistication of attacks is increasing, as is the range of perpetrators.
So let us first recognise the challenge. Next let us co-ordinate our response.
The report the Institute of Directors is publishing today shows that your members increasingly appreciate the seriousness of the threat, but that too many are under-prepared for dealing with it. That leaves you open to attack.
This matters to me. So we’re going to invest £1.9 billion over the next 5 years in cyber security.
We’re going to make the UK one of the safest places to do business online, scaling up disruption activity, making us a tougher, more resilient target and making us better able to protect our interests in cyberspace.
The report you’re launching today underlines the growing importance of sharing information between government and industry.
In future that will only become more imperative. That’s why we’re going to establish a new National Cyber Centre – a single point of contact for business, and a unified platform that provides all the support, advice and intelligence industry needs.
Through it we will bring together responsibilities from across government, build new capabilities and share more information with industry, so we can handle major incidents in real-time, around the clock.
The National Cyber Centre will cover critical national infrastructure, as well as wider business, and will reach into the world of secret intelligence as part of government.
But the scale of this challenge is too great to be tackled by any one organisation. It’s a fight we can only win if business, academia, law enforcement and government stand shoulder-to-shoulder, working together both in this country and internationally.
We must create a world-class cyber security ecosystem where innovation thrives, businesses get the investment they need, and our shared expertise evolves as quickly as the threats we face.
That’s why we’re setting up a £165 million cyber and defence fund to invest in the next generation of cyber-security companies.
We’re working with startups through our Early Stage Accelerator programme, and we’re establishing a cyber security innovation centre in Cheltenham.
We’ve also launched our third annual cyber governance health check, providing companies with confidential tailored reports allowing them to address their weaknesses.
Fifty-eight percent of FTSE 350 firms now use our ‘10 Steps to Cyber Security’ guidance, and we’ve published tailored guidance and free e-learning for SMEs. I recommend you use it.
If we’re hard-nosed in recognising the challenge and the opportunity and respond as swiftly as we can, we have a better chance than anyone of surviving and thriving in the new digital world.
So, third, the rewards on offer are extremely valuable. In government it means we can use digital to redesign how the state operates and empower citizens to take control of their services.
For the private sector too, cyber security offers huge opportunities. The industry was worth £17.6 billion to the UK in 2014, employing 100,000 people – up 40% in a year.
We’re in the top 5 exporters in the world, with the global export market worth £28 billion and growing by 20% each year.
All of us – industry, academia and government alike, need to step up to the skills challenge in order to address this growing market.
That’s why I can announce today that we’re significantly expanding our Cyber First programme.
Currently, 20 talented undergraduates are sponsored through university and then guaranteed 3 years of public or private sector cyber security work. We’re going to boost this to 1,000 students by the end of 2020.
I want to do everything we can to make sure the next time this country produces an Alan Turing, an Ada Lovelace or a Tim Berners-Lee, we give them the tools and opportunities they need to change the world, as we’ve done so many times in the past.
And it’s good business sense for you too to take on more apprentices and to nurture the best talent. It puts you in a position to capitalise on the rewards offered by the cyber industry, and it helps us as a country close the gap between where we are and where we need to be.
So let’s work together to recognise the challenges we face, respond energetically to them, and make sure we have the capability to reap the rewards of the cyber revolution.
The challenges have changed since 1903, when the Institute of Directors was set up. That was the same year as the first transatlantic radio broadcast – a 54-word greeting from President Theodore Roosevelt to King Edward VII that ushered in a new era of global wireless communications.
But the principles are the same. Members of this organisation have witnessed several technological revolutions and successfully steered this country’s industry through them.
Today the internet presents the most radical step forward in humanity’s collective capability the world has ever seen.
It is already a vast opportunity. And so too a new threat. Let us rise to the challenge together and seize the rewards for humanity that this great innovation offers.