Keir Starmer is being pressed by cyber experts to urgently prioritise new legislation to protect the UK from attacks and catastrophic system failures.
A report by the Chartered Institute for IT (BCS) has listed a series of recommendations after the last month saw more concerns about Russian cyber attacks on the UK linked to misinformation about the Southport attack, and a major outage taking down aeroplanes, trains, hospitals, broadcasters and scores of companies.
The government has listed the Cyber Security and Resilience Bill in the King’s speech but there are fears that it is not enough of a priority.
The BCS’s recommendations include requiring company boards to include a member who will be held accountable for the firm’s cyber security.
It also wants to see a new cyber security code of practice with mandatory requirements to report breaches.
It wants companies to be forced to invest more in cyber security workforces, ensure resilience is part of their business plans and have more monitoring to spot problems.
The BCS has called on the government to set up a unit to support small and medium-sized businesses.
Rashik Parmar, chief executive of BCS said: “The cost of cybercrime to the UK economy runs into billions of pounds each year. This is not just about money; it’s about the very fabric of our society. We cannot afford to be complacent.”
He highlighted the Crowdstrike outage caused by a Microsoft update which caused chaos in the UK and around the world with computer systems failing.
Mr Parmar said: “The recent cyberattack on the NHS in London, and the Crowdstrike IT outage were a wake-up call. Lives are at stake, and we must ensure that our systems are secure and resilient by default, not as an afterthought.”
He added: “We must have transparency from the tech giants that have such a huge impact on our everyday lives. We must also have a government that clearly recognises the importance of cybersecurity being woven into the DNA of our national infrastructure.”
The call has come after former security minister Stephen McPartland pointed the finger at Russia for using social media teams and bots for fanning discontent which led to the recent riot by far-right activists in Southport following the killing of three girls and stabbing of seven others.
Mr McPartland carried out a review into cyber security and resilience in the UK which Rishi Sunak’s government failed to implement because of the early election.
But he has pointed out that it is available for the new Labour government to use with recommendations including getting large companies to share intelligence and support systems.
The issue has been highlighted in a letter to The Independent from Ross Burley, the co-founder and executive director of the Centre for Information Resilience.
He said: “The Centre for Information Resilience has consistently highlighted the tactics employed by state actors like Russia to spread disinformation and manipulate public opinion – including through support for the far right. Their work, particularly on projects like Eyes on Russia, demonstrates the importance of verifying information and combating false narratives that seek to undermine social cohesion and democratic processes.
“We must collectively prioritise the development of greater cyber-resilience and media literacy. This includes educating the public on how to critically assess the information they encounter online and holding social media platforms accountable for the content they allow to proliferate.
“Our response must be proactive and comprehensive. It is imperative that the government, tech companies, and civil society organisations work together to combat disinformation. This collaborative approach is essential not only to prevent incidents like the Southport riots but also to safeguard our democratic values against malicious interference.”
A spokesperson for the Department for Science, Innovation and Technology said: “This government is committed to delivering economic stability by making our public services more resilient to cyber threats – including from foreign states like Russia and China.
“That is why in the King’s Speech we unveiled the Cyber Security and Resilience Bill, which mandates that providers of essential infrastructure and digital services protect their supply chains from attacks.”
DSIT has said that the bill will put regulators on a stronger footing and mandate wider reporting of cyber incidents, including when organisations are held to ransom, so we can better grasp and address vulnerabilities across the economy and society.
