UK Government sends letter to businesses warning of cyber security threats

The UK Government has sent a letter to large businesses warning them of the threat posed by “hostile” cyber activity. 

In the letter, ministers recommend that businesses implement a raft of measures to secure against cyberattacks. These measures include creating hardcopies of crisis response runbooks that detail the organisation's plans in the face of a cyber-attack and adhering to the government’s Cyber Governance Code of Practice. 

The letter comes after a raft of cyber-attacks crippled UK-based businesses in the last year. Signed by Liz Kendall, the secretary of state for science, innovation and technology, and a range of other ministers and industry figures, the letter was sent to all companies in the FTSE100 and FTSE250, as well as a number of other leading UK firms. 

“Hostile cyber activity in the UK is growing more intense, frequent and sophisticated,” said the letter. “This is causing significant financial and social harm to UK businesses and citizens. There is a direct and active threat to our economic and national security which requires an urgent collective response.” 

This May, cybercriminals targeted West Lothian Council, stealing “personal and sensitive” data through a ransomware attack that targeted the council's education network. A similar attack is estimated to have cost Marks and Spencer over £300m. 

A ransomware attack is a specific type of cybercrime that focuses on stealing an organisation’s data and holding it until a fee is paid. The UK Government has moved to outlaw the payment of these ransom demands by public sector organisations, to make vital services like councils and the NHS less attractive targets for criminals.  

The letter comes on the heels of a review published by GCHQ’s National Cyber Security Centre (NCSC) that found the amount of “highly significant” cyber-attacks directed at the UK rose by 50 per cent since last September. 

“Cyber security is now a matter of business survival and national resilience,” said Dr Richard Horne, chief executive of the NCSC. “With over half the incidents handled by the NCSC deemed to be nationally significant, and a 50 per cent rise in highly significant attacks on last year, our collective exposure to serious impacts is growing at an alarming pace.” 

The review says that attacks from China, which it describes as a “highly sophisticated and capable threat actor,” are a growing concern, along with the cybersecurity threat that Russia, Iran and North Korea pose to the UK.  

“I think the NCSC report was really clear around all the threats facing us as a nation but also as individuals,” said Jude McCorry, chief executive of Scotland’s Cyber and Fraud Centre. “But what I really welcomed was the call to action around boards and CEOs and a huge focus on nationally significant [businesses] not just critical national infrastructure. We need board members and CEOs to really understand the risk they are carrying and ensure they are looking at how they would operate as a business when, not if, they have a cyber-attack.”