It is unclear whether the UK’s strategy against cyber threats is value for money due to failings in the way the Cabinet Office established its current programme, a report has claimed.
£1.9 billion was allocated for the 2016 National Cyber Security Strategy, which included £1.3 billion of funding for the National Cyber Security Programme 2016-21 to ramp up the country’s online defences.
The UK is one of the world’s most internet-enabled economies, making it a prime target to threats from hostile countries, criminal gangs and individuals.
As the programme reaches it’s mid-point, the National Audit Office (NAO) has come to the conclusion that the Government does not know whether it will meet goals by 2021 and has questioned its value for money.
Difficulty dealing with complex and evolving cyber threats was partly to blame, but the Cabinet Office did not say whether the £1.9 billion of funding was ever sufficient, the report states.
“Improving cyber security is vital to ensuring that cyber attacks don’t undermine the UK’s ability to build a truly digital economy and transform public services,” said Amyas Morse, the head of the NAO.
“The Government has demonstrated its commitment to improving cyber security.
“However, it is unclear whether its approach will represent value for money in the short term and how it will prioritise and fund this activity after 2021.
“Government needs to learn from its mistakes and experiences in order to meet this growing threat.”
Findings showed that the programme had reduced the UK’s vulnerability to specific attacks, mentioning “tangible results” reported by the National Cyber Security Centre (NCSC) since it was established in 2016.
54.5 million fake emails were blocked in 2017-18 thanks to an NCSC-developed tool, driving down the UK’s share of global phishing attacks from 5.3% to 2.2% in two years.
The NAO is recommending that the Cabinet Office works out which parts are having the greatest impact and are most important to address, as well as consulting widely when looking beyond 2021.