London, UK — Industry experts and policymakers urged CEOs and boards to take greater responsibility for improving resilience against cyber-risks at the FT Cyber Resilience Summit: Europe, held in London this week.
The summit follows a year of high-profile cyber-attacks on well-known brands in the UK, including Marks and Spencer supermarket and Jaguar Land Rover, which reportedly caused a drop in the UK’s growth.
The UK’s National Cyber Security Centre (NCSC) announced on Tuesday that nearly one billion attempts to access malicious websites were blocked in less than a year by the NCSC’s Share and Defend service.
This initiative, developed by the UK government and telecom provider BT, aims to prevent online crime in real-time by sharing data on known and fraudulent phishing websites with internet service providers.
UK Security Minister Dan Jarvis told attendees he sees the relationship between business and government as a partnership but stressed that “businesses need to take responsibility for their cybersecurity resilience.”
The UK Government is pushing ahead with a ban of ransomware payments as part of the Cyber Security and Resilience Bill (CSRB), which passed its first reading in November.
However, Jarvis today confirmed that exceptions may be made for national infrastructure, which some experts argue could undermine the overall effectiveness of the ban and lead to increased targeting of critical services.
Getting The Board On Board
Several industry leaders spoke at the event about the importance of securing the supply chain, cybersecurity insurance, and rolling out identity security controls like multi-factor authentication in the face of new generative AI risks.
“‘The Chinese state knows our supply chain better than we do,’ said former UK Defence Secretary Ben Wallace.”
Speaking at a panel on AI risk, Marnie Wilking, CISO at Booking.com, warned that giving agentic AI access to systems without safeguards is like “handing a group of four-year-olds a pair of scissors and letting them run around in your systems.”
AI has impacted the threat landscape, particularly when it comes to social engineering and phishing, said Carlos Rombaldo, Head of Information Security, Holland and Barrett.
“Before [ChatGPT released] we used to have 10-20 phishing attempts per month. Now we are in the order of 200-300 a month. Before they were easy to spot. Now they are targeted,” said Rombaldo.
Despite the challenges, several CISOs told Expert Insights that they are optimistic about the future of the cybersecurity landscape.
The silver lining of the major attacks on British retailers has been increased awareness in company leadership and at the board level of the risks of cyber-crime, and the importance of strengthening resilience in the face of evolving business risks.
