Businesses in the United Kingdom need to take cyber security more seriously, the new National Cyber Security Council (NCSC) Chief Executive has said

Lindy Cameron, in her first speech as Chief Executive, said the UK cannot be complacent about  cyber security, despite its “relative strength”. She pointed to recent global incidents such as the SolarWinds and Microsoft Exchange attacks.

She said: “Cyber security is still not taken as seriously as it should be, and simply is not embedded into the UK’s boardroom thinking.

“The pace of change is no excuse - in boardrooms, digital literacy is as non-negotiable as financial or legal literacy.

“Our Chief Executive Officers should be as close to their Chief Information Security Officer (CISO) as their Finance Director or their General Counsel.”

She said the NCSC, which advises private companies and public bodies on how to counter cyber security threats, must build on the UK’s “world-class cyber detection and investigatory capabilities” but also get declassified, usable insights “to people who can do something with them.”

She said: “We need to work still harder to share intelligence and insights across law enforcement with industry at scale and pace and be prepared to take action ourselves to counter threats directly where necessary.

“But - and I cannot stress this enough - we need to build communities at the national level that can act on that information to protect themselves and others.

“That has to be the next phase for national cyber defence in the UK, and by definition it’s something that government cannot do by itself.”

Cameron stressed the need to ensure that the “ever-increasing” amounts of data generated and processed by internet companies are properly protected and privacy managed.

She also said the NCSC is trying to increase diversity in cyber security, not just of skills, but of “thought and background” and said the agency’s CyberFirst Girls competition “helps to increase the number of women in cyber security.”

She said the NCSC would try to ensure the next generation of commodity technologies “don’t repeat the security mistakes of the past” and said critical infrastructure needs to be made as hard a target as possible for those that might seek to disrupt it.

Register for free to receive the latest data protection and privacy news and analysis straight to your inbox