Companies must take responsibility for cyber security at board level to tackle the exponential growth in attacks, the government has urged.
The warning comes as ministers launch a Cyber Security for Business booklet to encourage company chief executives and chairs to take a direct interest in protecting their businesses from cyber threats.
In a foreword to the booklet, Iain Lobban, director of the government’s intelligence agency GCHQ, said the organisation was experiencing cyber security threats on an unprecedented scale, including intellectual property theft and attempts to steal commercially sensitive data and access government defence information.
“The magnitude and tempo of these attacks, basic or sophisticated, on the UK and global networks pose a real threat to the UK’s national security. The mitigation of these risks and management of these threats – in other words, cyber security – is one of the biggest challenges we face today,” he said.
Download in-depth reports on cyber security Cyber Vulnerability Index 2012 Data protection masterclass: Global privacy Cyber risk perceptions: An industry snapshot Advanced cyber security intelligence The cyber-savvy CEO: Getting to grips with today’s growing cyber threats
“The technical level of cyber attacks is growing exponentially. What was considered a sophisticated cyber attack only a year ago might now be incorporated into a downloadable and easy-to-deploy internet application, requiring little or no expertise to use,” said Lobban.
Foreign secretary William Hague, minister responsible for GCHQ, said: “A networked world brings many advantages. But cyberspace – and cyber crime – knows no borders. Businesses must be alert to the dangers. Drawing on GCHQ’s experience, and working with industry, the government is committed to helping reduce vulnerability to attacks and ensure that the UK is the safest place in the world to do business.”
The new cyber security guidelines released by CESG, the information security arm of GCHQ, the Department of Business, Innovation and Skills, and the Centre for the Protection of National Infrastructure, intends to help the private sector minimise the risks to company assets.
The guidance builds on a key objective within the Government’s Cyber Security Strategy to work hand in hand with industry and make the UK one of the most secure places in the world to do online business, said the body in a statement.
