Security experts raise questions about UK cyber funding in wake of Electoral Commission hack
Experts have described security funding as lackluster amid rising state-backed cyber attacks
Cyber security experts have criticized the government's limited cyber security budget increase, describing the total increase of £6.5 million over the last financial year insufficient in comparison to the scale of the threats.
Suid Adeyanju, CEO of RiverSafe, described the budget increase as “pitiful”, arguing that elected officials in the UK deserve the “highest standard” of cyber protection in the current security landscape.
“The growing volume of sophisticated security attacks on MPs and peers requires immediate and urgent action, including military-grade encryption, the latest training and ransomware prevention strategies,” Adeyanju said.
According to data obtained under a Freedom of Information (FOI) request, the UK Parliament’s overall IT budget rose to £67,702,898 up from £61,154,627 in the previous year.
These figures only constitute a growth of 11%, though the data also shows an increase in IT specialists employed by parliament which totals a headcount of 548 staffers, up from 496 the previous year.
Concerns over financial commitments to cyber security follow news that Chinese-linked threat actors were responsible for the Electoral Commission hack.
Hackers were found to have accessed the personal details of around 40 million voters in the UK, prompting a diplomatic spat between the US, UK, and China.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The National Cyber Security Centre (NCSC) also discovered that four British parliamentarians, noted for their criticism of Beijing, were targeted in a separate cyber attack.
The threat actors are believed to have targeted these parliamentarians' emails in the form of a spear-phishing attack.
As a direct response to the attacks, the cyber-espionage group APT31, known for its ties with the Chinese Ministry of State Security, has been hit with sanctions by the UK government.
“We will not hesitate to take swift and robust actions wherever the Chinese government threatens the United Kingdom’s interests,” deputy prime minister Oliver Dowden said.
“The UK judges that these actions demonstrate a clear and persistent pattern of behavior that signals hostile intent from China,” he added.
While Adeyanju criticized current cyber security spending levels, other industry stakeholders praised parliament’s commitment to improving IT staffing levels.
“It’s encouraging to see a substantial boost in IT staffing at a time when Parliament and many other organizations are facing a relentless cyber risk,” said Derek Mackenzie, CEO of Investigo.
“Having a tech team equipped with the latest AI and cyber skills is critical for protecting organizations from outsider threats.”
George Fitzmaurice is a staff writer at ITPro, ChannelPro, and CloudPro, with a particular interest in AI regulation, data legislation, and market development. After graduating from the University of Oxford with a degree in English Language and Literature, he undertook an internship at the New Statesman before starting at ITPro. Outside of the office, George is both an aspiring musician and an avid reader.