The Uk’s National Cyber Security Centre (NCSC) was officially opened on the day of love, 14 February 2017. However we are not in love with cyber it is a nasty evil that is a global threat to individual citizens, businesses and governments.

As I prepare to chair the Cloud Expo Security theatre on March 15 at Cloud Expo I have been researching recent news and the most prominent is the opening of the NCSC.

Here is what the Chancellor of the Exchequer said at the launch of the NCSC: ‘Our digital sector is also the best in the world – contributing a bigger proportion of our GDP every year than any other country in the G20.’

The UK is a big target for cyber criminals. He went out to quote:

  • 83% of UK businesses are online
  • 65% of large businesses reported a cyber breach or attack in the past 12 months
  • The ONS estimate that there were two million such incidents (cyber) in the past twelve months alone. If these numbers were included in our crime figures, the UK’s crime rate would double

A report dated December 2016 ‘Cyber security regulation and incentives review‘ is a worthwhile read as it sets the UK government’s policy on how it will combat cyber threats.

Here are some notable extracts (my emphasis in bold) from the report and I encourage you to read the whole document (27 pages).

The responsibility for keeping the UK, its economy and its citizens safe is shared. Every business, charity and institution up and down the country must realise that cyber security is their job as much as it is Government’s. Only when the effort is concerted and persistent can we fully tackle this challenge.

Effective cyber security risk management is vital to the success of the UK economy and to ensuring the safety of citizens. However, Government is clear that any interventions need to be proportionate. It does not want to overburden businesses and organisations with unnecessary regulatory requirements.

For now, Government will not seek to pursue further general cyber security regulation for the wider economy over and above the GDPR. It should ultimately be for organisations to manage their own risk in respect of their own sensitive data (e.g. intellectual property) and online presence. The Review findings also suggest that the impact of other regulation would anyway be limited, and unlikely to be effective enough to outweigh the burden on business. Imposing specific requirements could also encourage a ‘compliance’ culture rather than proactive cyber risk management. Government will however pursue a number of new non-regulatory interventions to incentivise better cyber risk management, in support of the existing business engagement strategy. These will mostly be delivered through the National Cyber Security Centre, providing advice and guidance to organisations and incentivising them to improve their cyber security risk management.

There is still time to register for Cloud Security Expo 2017 Excel London on March 15 2017 at

This article was also published on LinkedIn on 4th March 2017