The future belongs to the innovators; and here in Cheltenham, the home of GCHQ, we have found that innovating in cyber security technology can help to underpin our region’s future prosperity. With the government stepping in to support a local cyber innovation centre, some of the finest minds from GCHQ are now being deployed to support cutting-edge civilian business startups.
That is generating job opportunities for young people and improving social mobility. It is just the beginning of a larger vision, including a cyber park directly adjacent to GCHQ, which is expected to transform the local economy.
Why cyber security? The internet has made us richer, freer and more connected in ways its founders could never have imagined. But it has also become a vector of espionage, crime and harm. Every British company is a target, and every British network will be attacked – even the NHS, as we know from the WannaCry ransomware campaign. Each attack damages organisations and their users, as well as public trust in our collective ability to keep data safe.
Cybercrime is not something that happens to other people. According to the Federation of Small Businesses, 54 per cent of companies polled said they had been a victim of cybercrime in the last year. Accountancy firm Grant Thornton, meanwhile, reported earlier this year that British businesses lost at least £30bn in the last 12 months alone due to cyber security breaches.
The National Cyber Security Centre is the agency tasked by the government to help make the United Kingdom the safest place to live and work online. It reports to GCHQ and was created as part of a £1.9bn investment in defending national systems and infrastructure,
and supporting deterrence of cyber threats. Its mission is to develop a “whole-society capability” where all companies and individuals take the necessary steps to embed cyber security in their business and personal life.
The NCSC supports British business, with its Small Business Guide: Cyber Security providing guidance on improving resilience. Its “10 Steps to Cyber Security” guidance is now used by two thirds of FTSE 350 companies, and it is having success. The UK’s global share of phishing attacks has dropped from 5.4 per cent in 2016 to below 2 per cent in March 2019. In 2016, Her Majesty’s Revenue and Customs was the 16th most-phished brand globally; now, it is 146th, suggesting the UK is becoming a harder target.
But despite that progress, over 130,000 businesses have been affected by cybercrime in the last 12 months. The threat still remains, which is why, even at a time of flat IT budgets overall, total private sector spending on cyber security continues to rise. The UK cyber security market is valued at over £5bn annually, and is increasing fast.
That direction of travel was clear to me back in 2014, when I first set out my vision for Cheltenham to become a national cyber hub. I felt that the opportunity to take advantage of this changing landscape could be harnessed far more effectively.
Although GCHQ was employing some of the most brilliant minds in our country, as a matter of policy they were blocked from applying any of that technical know-how to support civilian startups. Technical excellence was, in effect, going to waste.
Other countries, meanwhile, were taking a far more commercial approach. In Israel, for example, the government had stepped in to build a cyber park directly next to Ben-Gurion University of the Negev to commercialise technologies that had emerged from the security sector.
So, after raising this with the chancellor at the time, George Osborne, in November 2015, the UK government decided to financially support a “cyber innovation centre” in Cheltenham. Since then, this facility has provided an ecosystem in which brilliant minds move in and out of GCHQ, bringing the deepest expertise into the private sector and the latest innovation back into government. Several cohorts of startups have already passed through its doors, raising over £35m in investment for their latest security solutions.
That government investment has, in turn, served as catalyst for the local cyber economy. HUB8, for example — a play on Bletchley Park’s Hut 8 — is a new co-working space in the centre of Cheltenham which launched earlier this year, hosting numerous digital startups in the area. Furthermore, Gloucestershire College is now offering cyber degrees accredited by GCHQ in collaboration with the University of the West of England in Bristol.
Future plans are no less ambitious. The government has committed £23m to help Cheltenham develop a cyber park adjacent to GCHQ. This 45-hectare site will become a magnet for the many local businesses currently scattered around the region that operate in the cyber security sector. And the range of expertise on offer in Gloucestershire is very impressive. Only recently I met a team of Microsoft experts based in an ordinary office block in Cheltenham who devised the patch to a vulnerability in Internet Explorer thereby protecting hundreds of millions of people all over the world.
Plans for Cheltenham’s cyber park are advanced, with road improvement works in line to start in the early part of next year. I am pressing for businesses to get on site as soon as possible thereafter.
It is an unfortunate reality that cybercrime is here to stay. “Off the shelf” tools mean that less technically savvy criminals are now better equipped than ever to extort, steal and blackmail. And criminals are becoming increasingly aware of the rich pickings on offer. But with government support, I am pleased that Cheltenham will be playing an ever greater role in fighting back.