DCMS cyber security newsletter - May 2022
Published 12 May 2022
1. Director’s message
This week I am attending CyberUK, the UK government’s flagship cyber security event, in Newport. Taking its lead from the National Cyber Strategy the theme of the event will be a ‘whole-of-society’ approach to cyber and how we can all work together to make our digital lives safer. I look forward to attending as it will offer me the opportunity to reconnect with colleagues and partners. If you are there, please come and say hello. It will be great to meet many people that I have only ever seen on a computer screen.
Again this year, DCMS will be sponsoring the innovation zone, which provides companies that have been through our growth programmes a chance to meet the buyers, investors and other contacts that can help them grow and develop their businesses. The zone will be a great showcase of their work. They will also have the opportunity to take part in a Cyber Den, where they will be able to pitch their products and ideas before a panel of experts.
Erika Lewis
Director, Cyber Security & Digital Identity
Department for Digital, Culture, Media and Sport
2. Call for views on tougher consumer protections against malicious apps
The National Cyber Security Centre has published a report which reveals people’s data and money are at risk due to both fraudulent and badly designed apps that can be exploited by hackers.
To provide better protection for consumers, DCMS has launched a call for views from the tech industry on enhanced security and privacy requirements for firms running app stores and developers making apps.
Under new proposals, app stores for smartphones, game consoles, TVs and other smart devices could be asked to commit to a new code of practice setting out baseline security and privacy requirements. This would be the first such measure in the world. The consultation closes on Wednesday 29 June.
Read the app security press notice for more information.
3. Cyber security skills in the UK labour market 2022 report
This month, DCMS published its annual report into cyber security skills in the UK labour market. The report found that UK businesses continue to lack staff with the technical skills, incident response skills and governance skills needed to manage their cyber security. This included 51% of companies having a basic skills gap and being unable to carry out the kinds of basic tasks laid out in the government-endorsed Cyber Essentials scheme.
The report also found that the demand for cyber security professionals has increased significantly over the past 12 month. On average, there were 4,400 core cyber security postings in each month of 2021 – an increase of 58% from 2020. This means there is an estimated annual shortfall of around 14,000 cyber security professionals.
The National Cyber Strategy sets out the government’s plans to enhance and expand the nation’s cyber skills at every level, and build a world class and diverse cyber security profession.
4. New supply chain security guidance from CPNI
To bolster protection in supply chains, including cyber security, the UK’s Centre for the Protection of National Infrastructure, in partnership with the Department for International Trade and the Chartered Institute of Procurement and Supply, have created Protected Procurement: Supply Chain Security Guidance.
Providing holistic security advice the guidance focuses on building security into the procurement process from the start, rather than conducting extensive and resource-intensive supply chain mapping.
DCMS research shows that many businesses of all sizes are not adequately protecting themselves against cyber attacks originating in their supply chains. The Cyber Security Breaches Survey 2022 found that only 13% of businesses review risks coming from immediate suppliers while only 7% address risks coming from wider supply chains.
5. Ethnic minorities in cyber symposium
Last month, DCMS funded the first ethnic minorities in cyber symposium in Birmingham. Attended by delegates and students from across the UK the aim of the conference was to discuss ways to improve diversity in the cyber sector.
The keynote speech was delivered by Simon Hepburn, CEO of the UK Cyber Security Council, who emphasised the importance of diversity in cyber teams and the steps the Council are taking to support this. Andrew Elliot, Deputy Director of Cyber Security, DCMS also spoke about the different initiatives the government has taken over the years and how they have helped improve the diversity in the cyber sector, such as Cyber Explorers, CyberASAP and UKC3 - UK Cyber Cluster Collaboration.
Find out more about the event in this blog by Cyber Quarter.
6. South west cyber centre to open in Chippenham
In May, the Swindon and Wiltshire Local Enterprise Partnership will be opening the UK’s first business-led cyber centre in Chippenham. Located at the Greenways Business Park, the Business Cyber Centre will deliver economic growth across the Swindon and Wiltshire, Cyber Valley and Western Gateway by supporting existing and emerging digital and cyber security businesses.
Swindon and Wiltshire Local Enterprise Partnership, CEO, Paddy Bradley said: “The BCC will transform the future of UK business by making cyber security a catalyst for growth. By working alongside cyber businesses and educators and having a diverse group of organisations linked to one site, the BCC will offer key support and enable significant skills and specialist job growth in our region.”
7. DCMS cyber security programme evaluations
On behalf of DCMS, RSM UK are currently evaluating some of our cyber security programmes including Cyber Runway, CyberASAP, UKC3 and LORCA. As part of this, they are currently seeking feedback from those who applied or took part in these programmes.
Surveys have been sent via email to both applicants and participants of the programmes and we would be grateful to anyone who has received one to complete it by Thursday 12 May. Your response will help DCMS improve the programmes and inform important decisions regarding future funding and policy.
You can find more information about the survey, its contents and a link to the privacy notice in the initial invitation email.