PARLIAMENTARY DEBATE
Cyber-security - 18 January 2024 (Commons/Commons Chamber)

I know that my right hon. Friend is particularly interested in this issue following cyber-attacks in her constituency in 2019. I can assure her that we are improving cyber-security defences across critical national infrastructure and Government organisations. Initiatives such as GovAssure, which I launched last year, are setting higher standards for resilience, and the Government’s cyber co-ordination centre is enabling collaboration and information sharing on cyber-security best practice.

I add my condolences to those expressed to Tony’s family.

Cyber-security is the biggest risk that many companies face, but many small and medium-sized businesses are not insured. Buying good-quality cyber-security insurance can involve a health check to ensure that systems are protected. The UK is the world leader in insurance and Chelmsford has the largest cluster of insurance companies outside London, so will the Minister meet me and representatives of the London insurance market to discuss how an improved quality mark for cyber-security could increase the availability of cover, ensuring that businesses and public sector bodies are better protected?

I would be very happy to do so. As my right hon. Friend points out, cyber-insurance plays a vital role in helping to build resilience and we have a shared interest in developing it. The National Cyber Security Centre has stood up the cyber-insurance industry working group, which is working through all these issues. I have met with Lloyd’s of London, and both I and Treasury Ministers will be happy to have further such meetings.

Has the Secretary of State read the speech made by the Auditor General this week about cyber-security, which said that lack of investment in upgrading our infrastructure makes the Government vulnerable to cyber-attack? Is he comfortable that we are safe from such attack? Does that not show that the Tories are penny wise but pound stupid?

I am aware of the speech and I have spoken in the House on many occasions about the challenges we face on cyber-security. It is an increasing threat landscape, but the Government are taking a range of actions to improve our cyber-security, not least GovAssure, which I announced last year. That is about going through the cyber-security of all Departments to bring it up to scratch. We published the cyber-policy handbook and we have introduced “secure by design” principles so that all new Government IT procurement projects are secure from the outset.

I call the shadow Minister.

The recent British Library incident is a stark reminder of the terrifying security risk and enormous cost of cyber-attacks, and recent ministerial answers have revealed a shockingly high number of red-rated IT systems across Government Departments. I hear the Secretary of State’s words, but given that the Government’s cyber-security strategy tells us that

“transparent central governance structures will maintain oversight and responsibility for cross-government cyber security risk”,

will he now set out the Government’s timetable for remedying this shocking situation and explain how he will keep the House updated on progress?

We know about this in the first place because of the work undertaken by the Government to fully understand the cyber-security risks facing this country. We are better prepared than most countries around the world. None the less, in respect of the red- rated systems, we are developing remediation plans, all of which will be in place by next year. We are tracking progress and are confident that we will achieve over £1 billion in efficiency savings, in addition to achieving greater resilience by next year.