In the wake of a historic victory in the U.K. 2024 general election, Sir Keir Starmer’s Labour government has the kind of majority most Prime Ministers can only dream of. Security experts, meanwhile, are dreaming of more investment in cybersecurity following a year in which hospitals, businesses and even government agencies fell victim to cybercriminal attacks.
Can Sir Keir Starmer Bring Positive Change To Cyber-Defense Now He’s Prime Minister?
The Labour Party election campaign was based upon one core concept: change after 14 years of Tory rule. Will that change stretch to cybersecurity policy? What does the new Labour government bring to the cybersecurity table? Of course, it is far too early to declare any concrete policy changes, given that the new Prime Minister has only been in office for a matter of hours. However, the Labour Party manifesto did recognise the threat from cyber-actors to our safety and security. “They specifically called out the growing emergence of hybrid warfare including cyber attacks and misinformation campaigns which seek to subvert our democracy,” Adam Pilton, a cybersecurity consultant at CyberSmart and former police detective investigating cybercrime, said.
A Strategic Defence Review has been proposed by Labour, to take place within the first year of the new government. The manifesto stated this would set out the path to spending 2.5% of GDP on defense. At the annual CyberUK defense conference this year, the message was clear, Pilton said: “Nation-state actors, particularly China, pose a significant threat to our country and the businesses within it. The Labour Manifesto directly speaks of China and the need for a long-term and strategic approach to managing our relations. They propose an audit of our bilateral relationship.”
The strategic review will undoubtedly be critical in determining how successful the U.K. is in defending virtual borders and an increasingly online population. “I urge Sir Keir and the Labour Party to speak with a broad spectrum of people across the cyber security industry,” Pilton concluded, “including those at the front line of law enforcement activities.”
What Should The New Prime Minister Prioritize When It Comes To Cyber?
It’s a new day, a new government and yet another Prime Minister for the U.K., but what does Sir Keir Starmer need to prioritize when it comes to tech and cyber security?
“For all the election noise, cyber security was absent,” Al Lakhani, CEO at passwordless multi-factor authentication vendor IDEE, said. “But as the dust settles on this election and a new party comes to power, continuing to overlook cyber security would be a grave mistake.”
I mean, Lakhani has a point: the Electoral Commission, NHS hospitals, and countless U.K. businesses have all been hacked in recent months. How many attacks are too many? Lakhani asked. While a strategic review is both welcomed and needed, the U.K. is lagging behind in securing digital infrastructure, Lakhani said: “It’s time for the government to wake up, smell the coffee and develop a plan to change this.” It’s also time for businesses to act with a radical shift away from outdated security defenses and to embrace “state-of-the-art, same device MFA 2.0 solutions to crush phishing and password-based attacks.” Lakhani would say that, of course, but it doesn’t make it any the less vital. However, it is hard to see how the government could step in to accommodate and encourage such change.
Where change could come, according to Mark Coates, vice-president EMEA at Gigamon, is by the government playing a greater part to ensure that “cybersecurity is a boardroom priority in all organizations with accountable outcomes, given that the U.K. is at high risk of a catastrophic ransomware attack.” Sir Keir should take decisive action and hold all businesses to account for improving levels of cyber-preparedness, Coates said, “through more robust and comprehensive legislation that ensures cyber security is taken more seriously.”
This could mean advocating for building cyber resilience through proactive strategies, secure-by-design principles, and visibility into everything that is coming in and out of an organization, including encrypted data, according to Coates. “They must also lead by example, taking steps to secure the public sector itself, especially critical national infrastructure, as the traditional IT and security strategies underpinning these organizations are no longer sufficient for the extent of today’s sophisticated threats.”
I have approached the U.K. Government Cabinet Office for a statement.