Government and public sector should be leading the way on cybersecurity

Erika Lewis, director of cybersecurity and digital identity at DCMS said too many firms are still not managing their cyber risks

Posted 24 June 2021 by Christine Horton

Despite progress made in recent years, many organisations are still not acting to properly manage their cyber risks.

That’s according to Erika Lewis, director of cybersecurity and digital identity at DCMS. Lewis was speaking at Think Digital Partners’ Think Cybersecurity for Government 2021 event this week.

Lewis said that DCMS figures show that two out of five businesses have suffered a cyber breach or attack in the last year. DCMS is currently conducting a review of business resilience and cybersecurity to identify what more can be done to drive action on digital resilience. This includes a call for action on improving cybersecurity and supply chains and managed service providers.

For the public sector and government, she said that “if we expect industry to improve their digital resilience, we certainly need to lead the way.”

She said: “We should be using the excellent guidance and support on offer from the National Cybersecurity Centre. We need to build the culture in our organisations which supports good cybersecurity right from the boardroom. Help people support the systems required for cyber resilience. It’s becoming evident that cyber skills are needed at every level quickly to ensure that the cybersecurity skill level rises in accordance with the need that digitization and job opportunities present.”

DCMS latest research shows 48 percent of UK businesses have a basic cybersecurity skills gap and 30 percent of UK businesses have an advanced cybersecurity skills gap.

“If we don’t close this gap, we risk new technologies being developed without security in mind, and we will potentially develop an economy which is reliant on vulnerable products and services,” she said.

“Ideally, we’d start with a cyber-savvy cohort of young people entering the market. We’ve made great progress to date with approximately 50,000 individuals aged between 11 and 18 years old through our cyber first programmes last year. In particular, we’re proud to have supported 11,000 young women through the cyber verse skills programme.”

Need more diversity in cybersecurity

Lewis noted that the cybersecurity is still male dominated, with only 16 percent of roles filled by women at senior levels. This drops to only three percent of senior roles that are filled with people from ethnic minority backgrounds.

“This simply isn’t good enough,” she said. “We will only be successful in our cybersecurity if we’re able to draw on the widest possible pool of talent.

Lewis said the recently-established UK Cybersecurity Council will oversee the cybersecurity profession and develop its professional infrastructure. This will include agreeing standards and pathways to help inspire young people and the current workforce to enter cybersecurity roles.

“This will provide more confidence for UK organisations to understand their needs and to recruit accordingly, and to help address diversity parties,” she said.