Richard Holmes is Senior Vice President of Cyber Security services at CGI UK. A member of NCRCG’s National Ambassador Steering Group, Richard brings with him over 25 years’ experience in the development and provision of secure IT systems and capabilities.
“Cyber is one of those topics that business leaders often shy away from, partly because there is a lot of technical jargon. Conversations around cyber can trigger a mental block in people when, actually, there are straightforward and pragmatic steps that can be taken to make both individuals and businesses more cyber resilient.
“It is all about thinking about cyber resilience in a business context and really understanding the risks an organisation faces and what needs to be prevented. If, for example, a particular part of an organisation’s IT system went down, would that affect the end delivery of the business? Could the business cope until the issue was resolved? If not, is there a backup process in place to make sure all employees and customers can keep doing what they need to do?
“It may be a case, in the first instance of taking a simple step, like making sure the right processes and procedures are in place when people are entering and leaving an organisation so that there aren’t any new risks being introduced to the IT system or gaps left open. Not all solutions require a lot of investment.”
CGI works across all market sectors in the UK, including in defence, intelligence, and local and central government, as well as in energy, utility, telecoms, financial services and retail. Across all these sectors, cyber security is a priority.
“For decades, our clients in the intelligence and defence sectors have taken cyber resilience very seriously as you would expect; it was and continues to be a core part of their requirements. Increasingly though, we found that the approaches and concerns of clients in those sectors were becoming commonplace across all our clients. That is why nine years ago we set up our current structure at CGI where we have cyber security as a horizontal capability delivery centre which allows us to better provide our capabilities across the whole of our client set.
“Now, all the organisations we work with treat cyber security as a priority. Each year, we carry out a survey which we call CGI Voice of Our Clients. As part of this, we interview about 1,500 businesses in a consistent way to better understand the factors affecting their market, their priorities, their approaches. When we ask our clients what their top priorities are – whether business or IT – they consistently mention cyber security more often than any other.”
The reason for this, Richard argues, is a combination of factors. These include business priorities, such as improving the customer or citizen experience, an increased awareness of cyber security, and the changing threat landscape.
“At the moment, we are in the middle of an Information Age revolution where connectivity, data and the number of devices are all exponentially growing. This innovation naturally opens more opportunities for cybercriminals and is driving the need for cyber security across the business community. Many businesses have experienced cyber incidences in recent years and the disruption caused is often a wake-up call for leaders to make sure their businesses are cyber resilient moving forward.
“Whilst we still have a long way to go, there is also a greater understanding of the importance of cyber security. To help support this, last year we launched our CGI Cyber Escape Experience which is a cyber security-themed escape room built inside a shipping container. Since then, we have taken the experience to a number of locations around the UK, engaging with everyone from business leaders to employees to schoolchildren. Whilst it is intended to be a fun, teambuilding experience, it definitely leaves you with some take-aways relating to cyber security and has proven to be really successful at engaging people in cyber in a light-touch way.”
Committed to ensuring cyber resilience across the UK economy, being an NCRCG National Ambassador is an excellent cultural fit for CGI. For Richard, there are three reasons he is lending his ability and support.
“Firstly, I think it’s fantastic that the Cyber Resilience Centres (CRCs) are providing undergraduates with real, workplace experience in combatting cybercrime. Helping to developing a strong talent pipeline in cyber is very important to us at CGI. We have over 5,000 employees in the UK and this year alone we are recruiting over 200 graduates; the more of those that have some practical experience, like that being offered by the CRCS, the better. We find that people who have spent some time working in a related business during their study hit the ground running faster; they join the organisation more confident that they’re going to be doing what they want to be doing and have general business skills that are very useful.
“Secondly, the fundamental goal of the CRCs is to help small and medium-sized businesses (SMEs) to improve their cyber resilience, cost effectively. It is a way of positively encouraging SMEs across the supply chain to take simple and economical steps to strengthen their cyber security, rather than trying to enforce it as part of a contractual requirement, for example. It is important that, across the UK, we are taking this kind of bottom-up and top-down approach.
“Finally, whilst NCRCG is national in scale, it is regional in its implementation which chimes with our metro market model at CGI. Just like the CRCs, we work locally with our clients so that we can really understand their needs and tailor the services we are delivering. The NCRCG Steering Group will be working to provide important insight at a macro level and support solutions from across the CRC network, whilst making sure regionality continues to be recognised.”