Security minister Dan Jarvis has pledged a more hard-edged cyber regime for UK businesses after a series of high-profile attacks on firms including Jaguar Land Rover (JLR) and Marks & Spencer exposed weaknesses in the country’s digital defences.
Speaking at the Parliament & Cyber Conference at Westminster on Monday, Jarvis said cyber incidents had moved “from the margins to the mainstream”, as recent breaches show how quickly operational disruption can spread through supply chains.
Referring to attacks on “JLR or Co-op or Marks and Spencers”, he said the impact now hits “everything from consumers to GDP”, adding” “Our collective exposure to serious impacts is growing.”
He warned that cyber crime is escalating globally, announcing : “If cyber crime were a national economy, it would be the third largest,” and citing projections that global scams will cost £27 trillion by 2027.
The minister admitted that parliament itself had historically and notoriously been slow to adopt technology, describing a decades-long “parliamentary technology gap”. Yet, he argued that delay is no longer an option as the pace of attacks accelerates.
New cyber bill
His comments come as the government’s new cyber security and resilience bill begins its passage through parliament.
The legislation will require regulated firms to report significant incidents within 24 hours, meet minimum security standards and maintain tested response plans.
Jarvis announced that the bill “will boost cyber protections for the services people and businesses rely on every single day, and it will ensure any breaches in cyber security are dealt with properly”.
The move follows the JLR attack, described by industry figures as the most economically damaging in UK history, which halted production for five weeks and cost an estimated £1.9bn.
A recent spree of breaches affecting M&S and other major British retailers have underlined the highly exposed vulnerabilities across consumer-facing sectors.
Whitehall calls on private sector
Jarvis also emphasised that responsibility rests increasingly with corporate leders.
He said that “businesses cannot be protected by the government alone”, adding that a letter had been issued to chief executives of the FTSE 350, urging them to recognise the threat and strengthen internal defences.
He pointed to new NCSC tools designed for organisations ranging from sole traders to major corporates, including early-warning systems as well as a so-called cyber action toolkit for SMEs.
As the UK prepares a new national cyber action plan, Jarvis pledges that agencies including the National Crime Agency, “will use all of the tools at [its] disposal” to pursue cyber criminals, but reiterated that resilience has to be strengthened within the private sector.
“Technology enhances everything we do”, he added. “It keeps our democracy transparent. It keeps our businesses successful, and keeps people connected and safe”.