Achieving tangible impact in the cyber ‘gold rush’

Detective Chief Inspector Fiona Bail, NCRCG’s National Cyber PATH lead

We are currently in a period of cyber ‘gold rush’ where organisations are increasingly waking up to the importance of cyber resilience as a priority and searching for effective ways that resilience can be achieved – in other words ‘panning for gold’. Last Wednesday, I had the opportunity to speak as part of a panel at CYBERUK 2024, ’24-Carat or Fool’s Gold? Improving National Resilience’ to consider exactly that.

Alongside fellow guest speakers from the National Cyber Security Centre, the Department for Education and BT, we had an insightful discussion about how we can strengthen the cyber resilience of the communities we serve in a way that has a discernible impact. Not by doing something that on the face of it seems like a good idea but something that actually makes a difference.

Our conclusion was that there isn’t one magic fix that will make cyber resilience a reality across all organisations or, taking it a step further, that will make cybercrime obsolete. The only way we’re going to achieve real and lasting impact is if we work together so that we can identify high value ideas and ensure they are cascaded across the cyber community.

We can’t take a siloed approach to cyber resilience – it just doesn’t work.

Any police officer working in cybercrime will tell you that criminals typically do not actalone. They work as part of a network, sharing in the success of a phishing attempt or a hack.Think how powerful we could be, as a UK economy, if we worked together to combat cybercrime. 

This is why NCRCG was formed, joining together policing and government, with larger organisations and academia, to provide a coordinated approach to cyber resilience amongst the SME community. Our nine regional Cyber Resilience Centres which, with NCRCG, form the CRC network, are ‘on the ground’ speaking to businesses directly about the cyber challenges they face and the simple but effective steps they can take to become more cyber resilient. 

By sharing learnings across the network – whether it be tactical advice around a particular phishing attempt or success stories in how best to engage with small business leaders – we are starting to build up the cyber resilience of this prominent but too often forgotten end of the supply chain.

Significantly, we are also seeing real interest from larger organisations who are keen to work with us in supporting the SME community and share their own insights. Since the beginning of this year alone, we have welcomed three companies on board as NCRCG National Ambassadors – SASResilience and Baseel – who, together with fellow Ambassador companies, are helping to drive forward our collective mission to improve national resilience.

Participating in the panel at CYBERUK provided an excellent opportunity to reflect on the importance of this type of collective action and knowledge sharing. Importantly, the conference more widely, provided the chance to engage with individuals and organisations across a range of sectors in both the public and private spheres, bridging the lessening but still-present gap between the two.

My main takeaway: cyber resilience is not the responsibility of one but the responsibility of all.