EY comments on Government's Cyber Security Strategy Update
Mark Brown, Director of Information Security at EY said:
"We welcome the Government's announcements on the use of private sector capability to help the public sector tackle cyber security risks. Closer collaboration between the two sectors is key to protecting the UK against increasing cyber criminal threats in the future.
"However, the creation of a cyber reserve and a UK Computer Emergency Response Team (CERT) does not go far enough. The level of threat continues to grow at a pace that cannot be met through part time action. Cyber criminals are redefining the term organised crime and in many respects are more organised than the community seeking to protect businesses from cyber crime and information security. A reserve force, made up of retired information security professionals, runs the risk of being unable to keep pace with the changing technologies and risk mitigation practices necessary to maintain a strong defence. At the same time information security professionals employed in business are unlikely to be able to dedicate the time to provide the necessary support.
"Therefore, although a step in the right direction, the creation of a cyber reserve represents a stepping stone in the UK Government's Cyber Security strategy rather than a final solution. The end result will require a dedicated and full time capability, fulfilling the needs of both private and public sector, working in partnership with those professionals at the "coal-face" in industry as well as the government nerve centres, such as GCHQ (Government Communications Headquarters). This is the only way to ensure that the UK Government's Cyber Security Strategy does not leave UK Plc exposed to the risks posed by cyber crime that knows no jurisdictional boundaries."