Policy paper

McPartland review of cyber security and economic growth: terms of reference

Published 6 February 2024

This was published under the 2022 to 2024 Sunak Conservative government

Summary

An independent review into cyber security as an enabler to build trust, resilience and unleash economic growth.

Background

  1. The government is committed to improving cyber security in the UK as a priority to achieve its aim of establishing the UK as a democratic and responsible cyber power, able to protect and promote its interests as a sovereign nation in a world fundamentally shaped by technology.

  2. The National Cyber Strategy sets out our approach to protect and promote the UK’s interests in and through cyberspace, and to realise the opportunities of digital technology for our economy and our citizens.

  3. We must improve the UK’s cyber resilience to the most significant cyber risks. Since the publication of the National Cyber Strategy, we have become more secure against cyber attacks, and we have taken decisive action against our adversaries. We must, however, search for opportunities to accelerate work that improves our defences and enables economic prosperity.

  4. Technology is developing faster than ever, and, in an increasingly unpredictable world, our adversaries are seeking to use this change for their own advantage. We must ensure the UK retains its edge in the face of future cyber security challenges. The importance of UK science and technology as the driving force behind these efforts, with a significant focus on research and development, cannot be understated. Through UKRI the government has invested in four cyber research institutes, five centres for doctoral training and 19 universities who are accredited as Cyber Security Academic Centres of Excellence.

  5. The government cannot implement the National Cyber Strategy alone. We need a whole of society approach, where government and industry work in partnership - to defend as one - to make us all more resilient as a nation.

Purpose

6.The National Cyber Strategy sets objectives to support the growth of the UK’s cyber security sector and to support and create innovative technologies as part of our ambition to be a science and technology superpower.

7.The review will assess the economic benefits that can drive down the cost of delivering effective cyber security for all sectors of the economy, leading to a safer and more secure environment for delivering services and conducting business.

8.Within the approach set out in the National Cyber Strategy, the review will make recommendations on how to achieve the following aims:

  • giving business confidence to digitise faster, building on investment in more secure online environments. The review will seek evidence to assist businesses to make the case for investment. Where businesses have successfully used cyber security as a market differentiator and as an enabler of innovation, the review will consider the success factors and how further economic benefits could be gained
  • increasing support for UK business’s adoption of good cyber security practices. The review will look at a range of issues businesses face, including the real-term cost of cyber security, and how they could be driven down
  • fostering greater awareness, accountability, and acceptance of the benefits of cyber security through transparency measures, with a particular focus on how the information generated could be used to price insurance risk and in doing so help businesses better target their investments in cyber security
  • minimising costs borne by businesses and consumers. The review will look at how investment in security can be a demonstrable enabler of growth, and
  • opening markets for UK businesses through mutual recognition of our domestic standards on the international landscape.

Leadership

9.The Deputy Prime Minister and the DSIT Secretary of State have appointed The Rt Hon Stephen McPartland MP as review Chair with overall responsibility for the review and its outputs.

Approach and process

10.The Chair will gather and consider a range of evidence and consult widely with a diverse range of stakeholders including public sector bodies, industry, and experts in different fields.

11.The Chair will consult with the National Cyber Advisory Board.

Governance

12.This is an independent review, with the Chair responsible for delivering the review outcomes and supported by a review secretariat, accountable to the Deputy Prime Minister and the DSIT Secretary of State.

Outputs

13.The review will produce a report including a set of recommendations which will be submitted to the Deputy Prime Minister and the DSIT Secretary of State by the 1st of May 2024. Ministers will then decide on next steps.