Skip to main content


Volume 656: debated on Wednesday 13 March 2019

7. What steps his Department is taking to help improve the cyber-security of public and private sector organisations. (909766)

Our world-leading national cyber-security strategy, supported by £1.9 billion of transformational investment, sets out the steps that we are taking to defend our people, deter our adversaries, and develop the skills and capabilities that we need. Our vision is that, by 2021, the UK is secure and resilient to cyber threats and prosperous and confident in the digital world.

I was concerned to read that three quarters of FTSE 350 companies are not aware of the risks associated with businesses in their supply chain, particularly with businesses with which they have no contact. What steps are the Government taking to ensure that their own suppliers understand these vulnerabilities?

As ever, my hon. Friend is absolutely right to raise this very important issue. Companies must do more to understand their supply-chain risks. Our cyber essentials scheme extends our influence to organisations that provide products and services to Government; it specifies standards that will improve their cyber-security. We use contractual arrangements to ensure that they help those in their supply chains, often small companies, to be more secure.

Technology can help deliver public services which are better, smarter, more tailored and put people in control, but that requires investment in people, processes and equipment. The 2017 WannaCry attack on the NHS was a consequence of a lack of investment in all three. What is the Minister doing specifically to give local authorities and other public service deliverers the resources and the skills that they need to ensure secure digital public services?

The hon. Lady is absolutely right to raise the challenge of cyber-security, but we have responded to that challenge. That is why we have created the National Cyber Security Centre, funded by £1.9 billion of additional money. On the WannaCry incident, we have learned the lessons since that attack and we are, for example, rolling out Windows 10 across the NHS.

We know that 43% of businesses experience cyber-security breaches each year and, as we have just heard from my hon. Friend the Member for Newcastle upon Tyne Central (Chi Onwurah), we know that half of all local authorities in England still rely on unsupported server software. We know from the Minister himself that the Government have no idea how many cyber-attacks hit Government. Does the Minister accept that we need a new approach? We need to look at how we foster cultural cyber-change and we need to look at how we put the public good rather than private interest back at the heart of Government cyber strategy.

The hon. Lady says that we have no idea of the level of attacks. I am happy to set out the number for her. We have already managed more than 1,100 major incidents through the National Cyber Security Centre. The national cyber security strategy is delivering, for example, the removal of more than 4.5 million malicious emails every month, and the taking down of 140,000 fraudulent phishing sites. This strategy is bringing together the commercial side and the Government side and it is delivering.

We are out of time, but we must hear the question of the right hon. Member for Loughborough (Nicky Morgan).