Following the opening of new National Cyber Security Centre in London in February (to act as part of GCHQ in Cheltenham), businesses are being encouraged to report serious data breaches to the NCSC in confidence.
Peter Yapp, the deputy director for the incident management directorate has been reported as telling an audience of journalists in a recent meeting that such confidential disclosures would not be passed on to the ICO, the UK's independent body set up to uphold information rights.
The idea that business CEOs can get a better outcome for the results of a serious data breach by contacting the NCSC first, rather than waiting to be called by them, is part of a new, more open, and outward-facing approach by the UK’s cyber security protection vanguard.
Businesses Encouraged To Collaborate
The new NCSC building in Victoria in London, opened by the Queen, is a very public part of this new initiative and is a way for GCHQ in Cheltenham to reach out and have an ear-to-the-ground presence in the hub of the UK’s business and financial centre. Business representatives are encouraged to visit to share information about cyber threats and breaches.
Back in October 2016, for example, the government announced that as part of its multi-billion pound plans, it would be seeking greater engagement with CEOs and board level executives on cyber security. This was intended to be enabled by making connections with business via the new National Cyber Security Centre (NCSC) in London.
The NCSC’s CEO will be former GCHQ cyber security head Ciaran Martin, and it is reported that the NCSC will grow to house many vital cyber defence directorates and sub-directorates, including Incident Management and Research.
At the recent CYBERUK 2017 conference, the NCSC announced that as well as being more outward-facing to business, they will also soon be more diverse. New initiatives will mean that as well as having a one-third female workforce, the NCSC will work with the private sector to provide first-job placements for female graduates in science, technology, engineering and maths (STEM).
What Does This Mean For Your Business?
Up until now, businesses have faced the prospect of attempting to protect their data as best they could with the threat of instant reputational damage, loss of customers and the threat of huge fines if any breaches were known about. Some businesses are therefore likely to have buried or delayed data breach announcements as long as possible. The opportunity of a more open, less threatening option should the worst happen has to be good news, and only by really working together, without fear, and sharing information can the UK gain better protection for its businesses and other institutions from the constantly evolving menace of cyber attacks.