05 December 2024

Paul Holland, CEO, Beyond Encryption

One area of improvement that doesn’t seem to capture as much attention as it deserves is the UK’s cybersecurity strategy, which is concerning given the increasingly threatening nature of the UK’s cybersecurity landscape. With research revealing that over 50% of UK businesses reported experiencing some form of cyber security breach or attack in the last 12 months, it is clear that we are facing a heightened level of threat.

The growing threats from cyber attacks were acknowledged as part of the Labour Party’s campaign which centred around the need for change. With technologies such as AI creating a more sophisticated and dangerous cybersecurity landscape, this threat will only continue to increase. This highlights the need for both the government and businesses to act now to safeguard the UK’s digital future. But what actions should governments and businesses be taking?

The power of digital transformation in modernising the UK’s cybersecurity

One of the most common vulnerabilities across a wide range of industries is a reliance on legacy systems which were not built to withstand today’s evolving and aggressive cybersecurity landscape. Research has revealed that more than two-thirds of UK businesses still use legacy systems to run their core operations, and a worrying 60% of customer-facing applications also rely on these outdated technologies.

As legacy systems were developed at a time when cyber threats were much less sophisticated and challenging, these technologies are now especially vulnerable to modern, tech-savvy cyber threats. These systems also run on outdated operating systems, which is extremely concerning as this means they no longer receive the critical security and patch updates which prevent them from being easily exploited by cybercriminals.

Now that we find AI is enabling threat actors to launch more sophisticated attacks easier than ever before, it is crucial for businesses to recognise the importance of moving away from legacy systems and react accordingly. This transition is no longer a “nice to have” but a requirement for survival against the growing cybercrime wave.

An often overlooked aspect of building cyber resilience is a continued reliance on traditional postal communications. As UK businesses are continuing to digitally transform, they should look at replacing traditional postal services with secure, digital alternatives. Recent data from Ofcom’s Residential Postal Tracker revealed that 54% of consumers stated they do not want to receive post from any organisation, with 70% stating they would rather receive email communications. This clearly shows that now is the time for businesses to make the transition towards digital alternatives to help strengthen security and align with customer preferences. Businesses should leverage encryption and authentication technologies in place of traditional postal communications to ensure that all data is protected across its entire journey and enhance overall security. This method is also much cheaper and more efficient than traditional postal communications, which are increasingly being exploited by fraudsters.

Why legislative action is crucial to the UK’s cybersecurity strategy

With the Autumn Budget fast approaching, the Labour Government will without a doubt be deep in conversation about its priorities for the upcoming year. Given how quickly the cyber threat landscape is evolving, bolstering the UK’s cybersecurity must be at the forefront of these discussions around upcoming priorities and policy. The Labour Government must provide a statutory underpinning to the UK’s cyber hygiene by introducing legislation which mandates the transition away from legacy systems to modern, more secure alternatives. With both the public and private sectors continuing to rely on legacy technologies and opening themselves up to a world of different threats - a strong legislative framework is the key to compelling organisations to regularly update their infrastructure. This will allow them to stay afloat during the growing cybercrime wave and keep colleagues and customers across the UK safe once and for all.

Just as the Government invests in the military to protect the nation against physical threats, the same treatment should be given to safeguarding the nation from hidden, digital dangers. With recent cyberattacks, such as the NHS cyber attack, demonstrating how detrimental these incidents can be - cybersecurity must be considered a key requirement to protect the UK’s infrastructure from cybercriminals.

Generating cybersecurity awareness amongst consumers and businesses

As the cyber threat landscape continues to become more sophisticated, public education is essential in helping to mitigate risk. The Government must put initiatives in place to raise awareness and provide both consumers and businesses with the resources they need to stay safe from cybercriminals. This process should begin from the bottom up by educating those who are least familiar with cyber risks as a cybersecurity strategy is only as strong as the least cyber-savvy individuals. By empowering the public, the Government will be able to foster a culture of cyber resilience and readiness across the nation.

Throughout its campaign, the Labour Government demonstrated a commitment to driving meaningful change. With this in mind, it is time for them to introduce the measures that we need to keep businesses, consumers and their data safe once and for all. By providing statutory underpinning to the transition away from vulnerable legacy technologies, prioritising the use of secure digital communications and spearheading cybersecurity awareness initiatives - the UK can fortify its defences against the cyber threat landscape once and for all. This decisive action is the only way to ensure a safer digital future for all, and we hope to see the Government take action sooner rather than later.