In a statement to launch its second Annual Review, CEO of the National Cyber Security Centre (NCSC), Ciaran Martin, has warned business leaders that he has little doubt that the UK will at some point be “tested to the full,” by a major security incident.
The NCSC reveals it has defended the UK from an average of more than 10 cyber attacks per week in its first two years of operation, helping to support with 1,167 cyber incidents – including 557 in the last 12 months. The majority of attacks against the UK are carried out by hostile nation states.
Addressing the CBI Cyber Conference, Ciaran Martin says: “The Internet was not designed with security in mind and, from a security perspective, there are significant flaws in the way it operates. As we move into our third year, I’m confident that the NCSC will continue to provide the best line of defence in the world to help us thrive in the digital age.”
In a report issued just last week, the Department of Health and Social Care estimated the cost to the NHS of the 2017 WannaCry attack as approximately £92m. This breaks down to lost output during the attack of £19m, IT cost during the attack of £0.5m, and a whopping £72m of IT cost in the aftermath of the attack.
In addition, over 19,000 appointments were cancelled, causing disruption to a significant number of patients.
‘Securing cyber resilience in health and care’ details the work that has been done since WannaCry to improve cyber security across the NHS. This includes implementing the National Data Guardian’s ten new data security standards. Good progress is reported to have been made in the standards relating to people and process, but requirements relating to technology continue to be “challenging”. It is positive that all Trusts and Foundation Trusts (with one exception) now have a board member with responsibility for cyber security.
NHS Digital is also trialling intervention programmes to help Trusts to accelerate progress towards Cyber Essentials Plus standard. These programmes provide packages of support shaped by engagement with local organisations to understand their needs.
If today’s warning from the NCSC is to be heeded, this programme of work cannot proceed quickly enough. WannaCry was damaging enough – but the threat of more serious attacks is ever present.
