Cybersecurity experts are pressing Keir Starmer to prioritise new legislation to protect the UK from attacks and catastrophic system failures.
A report by the Chartered Institute for IT (BCS) has listed a series of recommendations after last month saw increased concerns about Russian cyberattacks on the UK linked to disinformation about the Southport attack and a major outage crippling planes, trains, hospitals, broadcasters and dozens of businesses.
The government included the cybersecurity and resilience bill in the King’s Speech, but some fear it is not a high enough priority.
The BCS recommendations include requiring corporate boards to include a member who will be held accountable for the company’s cybersecurity.
She also wants to see a new cybersecurity code of practice, with mandatory requirements for reporting breaches.
She wants companies to be required to invest more in cybersecurity staff, ensure resilience is part of their business plans and exercise increased monitoring to detect problems.
The BCS called on the government to create a unit to support small and medium-sized enterprises.
Rashik Parmar, BCS chief executive, said: “The cost of cybercrime to the UK economy is billions of pounds each year. It’s not just about money, it’s the very fabric of our society that’s at stake. We cannot afford to be complacent.”
He highlighted the Crowdstrike outage caused by a Microsoft update which caused chaos in the UK and around the world with computer systems crashing.
Mr Parmar said: “The recent cyber attack on the NHS in London and the Crowdstrike IT outage have been a wake-up call. Lives are at stake and we need to ensure our systems are secure and resilient by default, not as an afterthought.”
He added: “We need transparency from the tech giants that have such a huge impact on our daily lives. We also need a government that clearly recognises the importance of cybersecurity in the DNA of our national infrastructure.”
The call comes after former security minister Stephen McPartland pointed the finger at Russia for using social media teams and bots to stir up discontent that led to the recent riot by far-right activists in Southport after three girls were killed and seven others stabbed.
Mr McPartland led a review into cybersecurity and resilience in the UK, which Rishi Sunak’s government failed to deliver because of the snap election.
But he stressed that the new Labour government could use it to make recommendations, including encouraging big companies to share intelligence and support systems.
The problem was highlighted in a letter to The Independent by Ross Burley, co-founder and executive director of the Center for Information Resilience.
He said: “The Centre for Information Resilience has consistently highlighted the tactics used by state actors like Russia to spread disinformation and manipulate public opinion, including through support for the far right. Their work, particularly on projects like Eyes on Russia, demonstrates the importance of fact-checking information and countering false narratives that seek to undermine social cohesion and democratic processes.
“We must collectively prioritize building greater cyber resilience and media literacy. This includes educating the public on how to critically evaluate the information they access online and holding social media platforms accountable for the content they allow to proliferate.
“Our response must be proactive and comprehensive. It is imperative that government, technology companies and civil society organisations work together to combat disinformation. This collaborative approach is essential not only to prevent incidents like the Southport riots, but also to protect our democratic values from malicious interference.”
A spokesperson for the Department of Science, Innovation and Technology said: “This government is committed to ensuring economic stability by making our public services more resilient to cyber threats, including those from foreign states such as Russia and China.
“That is why, in the King’s Speech, we unveiled the Cyber Security and Resilience Bill, which requires providers of critical infrastructure and digital services to protect their supply chains from attack.”
DSIT said the bill would strengthen the hand of regulators and require broader reporting of cyber incidents, including when organisations are held hostage, so we can better understand and address vulnerabilities in the economy and society.
