So the government is serious about cybersecurity? Really?

This morning’s Observer column:

On Tuesday, the chancellor, Philip Hammond, announced that the government was “investing” £1.9bn in boosting the nation’s cybersecurity. “If we want Britain to be the best place in the world to be a tech business,” he said, “then it is also crucial that Britain is a safe place to do digital business… Just as technology presents huge opportunities for our economy – so to it poses a risk. Trust in the internet and the infrastructure on which it relies is fundamental to our economic future. Because without that trust, faith in the whole digital edifice will fall away.”

Quite so; cybersecurity is clearly important. After all, in its 2015 strategic defence and security review, the government classified “cyber” as a “tier 1” threat. That’s the same level as international military conflict and terrorism. So let’s look at the numbers. The UK’s defence budget currently runs at £35.1bn, while the country’s expenditure on counterterrorism is now running at about £3bn a year. That puts Hammond’s £1.9bn (a commitment he inherited from George Osborne, by the way) into perspective. And the money is to be spent over five years, so an uncharitable reading of the chancellor’s announcement is that the government is actually investing just under £400m annually in combating this tier 1 threat.

All of which suggests that there’s a yawning chasm between Hammond’s stirring rhetoric about the cyber threat and his ability to muster the resources needed to combat it…

Read on