UK security services deepen ties with business after major hacks
UK security services, including MI5 and GCHQ, are intensifying work with some of the country’s largest companies amid growing fears that cyberattacks could disrupt key industries and damage the economy.
The move follows a series of high-profile hacks, including one on Jaguar Land Rover that forced the carmaker to halt production for six weeks and led to a £1.5 billion government-backed loan to limit the damage.
Ministers are increasingly worried about the knock-on effects of cyber incidents across Britain’s supply chains and essential services.
Strengthening national cyber defences
Officials are exploring ways to strengthen the UK’s preparedness for cyber warfare, including merging existing cyber and resilience units and expanding the powers of the National Cyber Security Centre.
This could allow the NCSC to take a more active role in helping businesses defend their systems rather than relying on companies to report incidents after they occur.
Security agencies have already deepened cooperation with firms across critical sectors including energy, telecoms, finance, and food supply.
Jon Butterworth, chief executive of National Gas, said that collaboration with government, GCHQ and MI5 had intensified following last year’s cyber attack on Southern Water, which supplies 2.7 million homes. He said the utilities sector had recognised the need for constant vigilance and regular upgrades to keep ahead of attackers.
Growing threat from hostile states
While recent breaches at Jaguar Land Rover and Marks & Spencer have been linked to organised criminal gangs, the security services remain most concerned about attacks orchestrated by or linked to China, Russia and Iran.
Richard Horne, head of the National Cyber Security Centre, warned last year that there was a widening gap between the growing cyber risks and the UK’s ability to defend against them.
Businesses have increased scenario planning and so-called “red team” simulations to test their resilience, but some leaders say government reporting mechanisms are still too slow.
Marks & Spencer chair Archie Norman told MPs that the current process for alerting authorities felt “more like waiting on the phone to get through to a doctor’s surgery than contacting an emergency response.”
New cyber law on the way
In response, ministers plan to introduce a Cyber Security and Resilience Bill later this month. The new legislation will update existing 2018 regulations to bring managed service providers under government oversight and require companies to report significant breaches within 24 hours.
It will also impose tougher standards on supply chain security, an increasingly common route for hackers seeking access to critical systems.
Rebecca Harding, chief executive of the Centre for Economic Security, said that the reforms reflected a growing recognition that cyber threats posed as much risk to the economy as to national security.
“It’s welcome that services are taking these steps,” she said.
“If we can be prepared, that means we can be resilient.”
Protecting britain’s digital backbone
With attacks on Britain’s industrial, retail and infrastructure networks becoming more frequent and sophisticated, the closer cooperation between government and business signals a new phase in protecting the UK’s digital backbone from global cyber warfare.
