Publication of the McPartland Review of Cyber Security and Economic Growth
The report, due to sensitivities around government publications during the 'pre-election period', has been made available on Stephen McPartland's LinkedIn and X (formerly Twitter). Consequently, the government will not be able to issue a formal response until after the General Election on the 4th July.
The reports looks into the relationship between cyber security and economic factors such as productivity, competitiveness, innovation and global leadership. Stephen McPartland emphasises that a robust AI Strategy will not be possible without a clear strategy that incorporates cyber resilience and recovery into the economy.
Through roundtables, the Call for Views and additional evidence, the report identifies key themes within the cyber ecosystem. One major theme is the critical importance of security and resilience within the UK's supply chain. Stephen McPartland advocates that a holistic approach to cyber security should be taken to ensure the significant gap in understanding of the impact of cyber security is understood by Board and Director level. Tailored support should also be given to small to medium-sized companies in areas such as education and skills.
The report found better communication is needed on the return on investment in cyber security. It is vital that companies are given the support needed to address issues such as technical debt, vulnerabilities and basic cyber hygiene. Additionally, the cyber security workforce requires substantial investment. Stephen McPartland suggests that changing the narrative around cyber security will help to attract more talent to the sector.
Addressing obstacles and barriers requires a two-pronged approach, the report suggests that using non-legislative levers will help to address the dynamic and complex nature of cyber threats. The government should do more to incentivise the adoption of cyber security practices through cyber insurance, governance, reporting and transparency.
Recommendations
The report presents 16 recommendations across four main themes:
-
Investing in Cyber Security
- Cyber Charter: Stephen McPartland calls for the creation of a Cyber Charter to enable large companies to share expertise and resources with third-party suppliers.
- Guidance for Companies: Guidance should be published on Companies House and GOV.UK to help companies integrate cyber security standards.
- Bank Requirements: Banks should mandate that all new small businesses have tangible and measurable security controls.
-
Education, skills, training and good cyber hygiene
- UK Cyber Security Council: The government should support the UK Cyber Security Council to become fully independent, industry-led, and self-funded. Stephen McPartland recommends that the public sector should become the first adopters of UKCSC Professional titles.
- Skills Gap Review: A review should focus on the cyber security skills gap, emphasising diversity challenges and opportunities.
- Awareness Programmes: Programmes like CyberFirst and the NCSC's Cyber toolkit should be leveraged to raise public awareness, including updates to the school computing curriculum.
-
Cyber resilience and recovery
- Ransomware Payments: Stephen McPartland suggests tightening rules on ransom payments and increasing incident reporting.
- National Initiatives: Programmes like Cyber Griffin, offering free services from the City of London Police, should be expanded nationally.
- Cyber Governance Code: The upcoming Cyber Governance Code of Practice should be an operational resilience requirement for businesses. Large organisations should also be required to disclose digital risk governance and resilience in their annual reports.
-
Improving the UK's strategic advantage
- Private Sector Solutions: A private sector-led product assessment solution should be developed with the NCSC and industry.
- Green and Net-Zero Technology Security: Partnerships with universities should focus on securing green technologies essential for a net-zero economy.
- Tougher Sanctions on Cyber Crime: The government should work with the Home Office to impose tougher sanctions on cyber criminals.
- Showcasing Support: The government should help businesses showcase their products and services, especially in critical digital infrastructure, on both national and international stages, emphasizing the UK's commitment to 'secure by design'.
What it means for cyber security.
Initially, it was expected that the highly anticipated report would be delayed due to the upcoming General Election. However, Stephen McPartland chose to independently publish the paper on his own channels. With the government unable to respond, the true impact of the recommendations remains to be seen.
In developing the report, Stephen McPartland engaged with a diverse array of businesses and stakeholders within the cyber sector, ensuring he gained a well-rounded perspective of the landscape. Insights from these consultations, as well as the preview he gave during an interview at CyberUK, highlighted Stephen McPartland’s commitment to producing tangible recommendations and emphasised the importance of collaboration between industry and government to drive forward economic growth in cyber security.
The report addresses numerous concerns and barriers regularly highlighted by techUK in its discussions with government officials. It underscores the necessity of creating incentives that go beyond legislation to drive change, foster innovation, and support the growth of SMEs in the sector.
As the new government takes office, it is crucial that they give these issues the attention they deserve. A prompt and committed response from the government is essential to sustain the momentum and support the ongoing expansion of the cyber security sector.