Public trust in digital services and the ability of the digital economy to continue to thrive could be at risk in the UK without a step change in cybersecurity, supported by action from government, business and researchers, according to a new report by the Royal Society. This will require an ambitious programme of research and innovation to generate new security approaches and products, as well as establishing clear standards and kitemarks to help users identify trustworthy digital products and services
Progress and research in cybersecurity, published today, also calls for:
- a review of the oversight structures for cybersecurity in the UK, looking forward to what will be needed in the next 5-10 years as the emphasis shifts between state security concerns and personal data security issues
- government commitment to preserving the robustness of encryption and promoting its use
“Digital systems are increasingly integrated into our lives and digital industries in the UK grew 32% faster than the rest of our economy between 2010 and 2014. But with technology developing at a spectacular pace, the security that protects us and our data is at times struggling to keep up. We need to maintain public trust in the systems we rely on. That means organisations need to invest more in cybersecurity, as well as demonstrate how secure they are to earn the trust of users.” said Professor John McCanny, co-chair of the Royal Society working group who wrote the report.
Professor Andy Hopper the other co-chair added. “We are entrusting more and more information about ourselves to digital systems and that is shifting the balance between personal security and national security. Although ‘backdoors’ into devices and systems can help security services, they also increase the opportunities for criminals to break in. As the stakes for individuals get higher, they may be less likely to accept this trade-off. This also means we may want oversight of cybersecurity to be in the hands of more open and transparent public bodies. The government is already taking welcome steps towards greater openness, but the UK should consider whether it should go further in the future.”
The Royal Society report examines four areas; trust, resilience, research and translation and recognises the UK’s strengths in cybersecurity. It recognises good progress in the UK in addressing many of the issues but calls for constant improvement. Other recommendations cover the need for greater sharing of information relating to security breaches and threats, greater support for research and international collaboration and the need to support universities and businesses to apply the UK’s technical expertise to deliver a step change in cybersecurity research and knowledge.