The government's investment in cyber security is embarrassing, according to security experts.
The government announced plans to invest £650m over a four-year period on cyber security, after the 2010 National Security Strategy rated cyber attacks as a 'Tier I' threat.
Further reading
Cyber security roundtable: The next steps for government Government launches cyber security information-sharing partnership Analysis: Recruiting an army of cyber guardians
The money was allocated to a four-year National Cyber Security Programme (NCSP), which is now incorporated under the UK's Cyber Security strategy, announced at the end of 2011.
In the UK cyber security strategy document, the government claims that "despite a tight fiscal situation, we set £650m aside over four years to develop our response [to cyber threats]". Judy Baker, founder of the Cyber Security Challenge UK, believes that this shows how highly Whitehall regards the Cyber Security strategy.
"The government has recognised the importance of the issue by investing £650m at a time when it was not investing in other areas," she said.
But Bob Ayers, former US cyber intelligence officer at the department of defence slammed the idea that a £650m investment would be enough.
"Let's not go round patting ourselves on the back, saying that government has recognised the problem and is actually spending money on it," he said. "Over 20 years ago the US government had an organised cyber security programme with 155 assigned staff and a $100m-a-year budget - and that was a continuing $100m a year."
He added: "Now, 20 years later, the UK is spending a phenomenally smaller figure and starting into [its cyber security strategy] and we're saying this is good? No, this is embarrassing."
Mark Brown, director of information security at professional services firm Ernst & Young, agreed that the amount spent is not a big sum of money.
"£650m over four years, when you calculate that, equates to £2 per UK national per year and when you look at that statistic, it shows that the investment isn't that large," he said.
Baker added that a short-term investment will not solve the problem and that there needs to be a longer, continuous investment - something that is not happening appropriately from either companies or government, at the moment. Another concern is the lack of a plan, at least in the public eye.
"What happens when the £650m stops? Where is the government commitment to the next pot of money after that? Because we're not far off from that, and people need to be planning now to spend that sensibly," Baker said.
More information on how the government is expected to spend its budget on cyber security in the first two years of its strategy can be found here.
