Summary of the Event
On 19 January 2022, 29 people joined the Smart Places Working Group meeting to discuss Data and Cyber Security. The event was held in Zoom, and it featured a combination of presentations, a panel session, and breakout discussions. You can view the recording at the bottom of this page.
This SPWG event responded directly to the National Cyber Strategy 2022 (Strategy), which was launched in Birmingham in December 2021. Key insights from the breakout discussions will be used to shape a proposed regional response to the Strategy. The proposed response includes developing a Cyber Working Group, which will join the Innovation Alliance for the West Midlands (IAWM) family of Working Groups and sit parallel to the Smart Places Working Group. Further details are shared at the bottom of the page in under “Next Steps”.
Speakers and Panellists
The event was chaired by Sarah Windrum and featured presentations by Daljinder Mattu (DCMS) and Hugo Russell (Cyber Quarter). The panel featured Andrew Clarke (Assured Cyber Protection), Chris Woods (CyberQ), Daljinder Mattu (DCMS), Pete Rucinski (Assure Technical), Prashant Pillai (University of Wolverhampton), and Richard Fallon (Cyber Risk Score).
Overview of National Cyber Strategy 2022
Daljinder Mattu started us off by sharing an overview of the National Cyber Strategy 2022, which you can read in full here. Daljinder’s presentation included a brief discussion about the Strategy’s 5 Pillars, which helped contextualise the panel session.
The Strategy’s Pillars are:
Pillar 1: Strengthening the UK Cyber Ecosystem
Pillar 2: Building a Resilient and Prosperous Digital UK
Pillar 3: Taking the Lead in the Technologies Vital to Cyber Power
Pillar 4: Advancing UK Global Leadership and Influence for a
More Secure, Prosperous, and Open International Order
Pillar 5: Detecting, Disrupting, and Deterring Our Adversaries
to Enhance UK Security in and through Cyberspace
Key Highlights from the Panel Session
Daljinder’s presentation was followed by our panel session. During the session, the speakers considered Cyber from regional, national, and global perspectives. Key points included:
- Cyber is—and should be treated as—a business problem
- People are an organisation’s greatest liability
- Cyber knowledge and hygiene can begin in the workplace and filter out into people’s personal lives; likewise, Cyber training could be implemented in primary and secondary education so children and young people grow up understanding Cyber risks and Cyber security
- Comparing Cyber security to physical security can help businesses understand why and how they need to protect themselves
- Cyber Essentials training is the start of a journey, “not the standard everyone should achieve” (Andrew Clarke)
- When selecting a Cyber Essentials training provider, businesses should consider which provider(s) are aligned with their values and have the experience to help the business grow in the intended direction
- Business incubators and accelerators should include a Cyber module, and entrepreneurs should be encouraged to develop projects with Cyber involved from the start
- Businesses change their behaviours when the government makes things mandatory; certain levels of Cyber security should be mandatory for all businesses
- Customers are now demanding that businesses have a certain level of Cyber competence, which is driving more companies to complete Cyber Essentials
- Government is investing money into support for initiatives across the 5 pillars to take the burden away from citizens and businesses
- Businesses spend money on Cyber security when they’ve been hacked, but it is much more cost-effective to prevent attack than to recover from it
- The Cyber skills gap is massive and is something that needs to continue to be addressed from multiple angles, both regionally and nationally
- Understanding the psychology behind different types of Cyber attacks is key to implementing an effective defensive strategy
- An unbiased media campaign, perhaps by Government, could do wonders for increasing people’s awareness of Cyber security
- SMEs need to make sure they know what their IT providers are responsible for and what they are responsible for; Cyber security is not covered by IT suppliers.
The overall consensus was that Cyber security needs to be integrated more holistically into businesses, as well as into life. The UK has a strong global reputation in Cyber security, and the panellists agreed that they want to see this strengthen in the coming years as we implement the Strategy. A comprehensive regional response will be key to realising this goal.
Proposed Regional Response to the Strategy
Following the panel session, Hugo Russell (Cyber Quarter) shared a brief overview of a proposed Pillar-1-driven regional response to the National Cyber Strategy. As mentioned above, this proposal included mention of a Cyber Interest Group, which will shortly be launched as a Cyber Working Group sat within the IAWM family of Working Groups.
Cyber Security is critical to the operational wellbeing of the West Midlands and there is a strong history of technology innovation and adoption in this area. By bringing together cyber related organisations and influencers, including SMEs, academics, public sector and support organisation we have an opportunity to make the West Midlands more resilient whilst improving our cyber innovation capability.
Our focus will be on collaboration and exploring ways to advance adoption and commercialisation of cyber security processes, policies, platforms and products. Through this collaborative development and promotion, we will be sharing insights and best practice on relevant and emerging cyber technologies, used to deliver value to customers. The strength of the group comes in part from its insights across multiple sectors, including those involved in automotive, aerospace, defence, finance and rail, along with their extensive customer and supply chains.
We will also work together to influence the strategies, policies and operational ingredients needed to maximise the benefits from the regions strong technology and business services networks.
The group will be chaired by Prof Prashant Pillai, Associate Dean Research & Knowledge Exchange / Director of Cyber Quarter, The Midlands Centre for Cyber Security and co-ordinated by Hugo Russell, Project Manager; Cyber Quarter, Midlands Centre for Cyber & Security.
(* n.b.: These slides include the word “draft” along the side to indicate that this is a work in progress. These slides should be viewed as conversation prompts rather than as a formal statement about the proposed regional response.)
Feedback from Breakout Discussions
After the presentations, attendees moved into breakout rooms to discuss the National Cyber Strategy and the proposed regional response. The groups made use of Jamboards, which you can view here.
Attendees were asked to respond to the following questions during the breakout discussions:
- Who else should be in the room?
- What haven’t we thought of yet? What else should be included?
- Do you have any general feedback on the proposed response?
- What opportunities could align with each of the 5 pillars?
- Which people / organisations across the Midlands could make the most of those opportunities?
The groups shared the following thoughts:
- Clarity is key; adding too many voices to the conversation can add confusion for new business owners and lead them to ask, “Where do I start?”. We need to make sure we streamline the process of becoming Cyber-literate so that everyone can access
- Innovation in Cyber security isn’t just about creating new Tech products. Innovation within the sector is also about new ideas and approaches to Cyber security, including teaching Cyber in schools alongside “stranger danger” and “stop, drop, and roll” concepts.
- Cyber security education and training in professional contexts bleeds out to home life.
- Addressing the skills gap is vitally important, as is identifying how to most effectively address the skills gap.
- The regional response must link in with the strategic picture from the national level, including the National Cyber Advisory Group. It must also enhance coordination between and among universities, businesses, third-sector organisations, and citizens.
- Forward planning—on a regional level—is key. Where does the region want to be in 6, 12, and 18 months? What steps need to be taken now to ensure we are on the right trajectory?
- The Cyber response should link with other National Strategies (e.g., Digital, Health, Data, etc.) to maximise opportunity and benefit across the board.
- The region can make use of local media, particularly regarding university research, to drive awareness of Cyber risk, resilience, and security.
- Use Trade and Industry Bodies to integrate Cyber across industries and sectors and consider having a non-Cyber organisation lead the response to make it more accessible to a wider range of potential stakeholders.
- Make the language of Cyber relevant to each industry so industries are “secure by design” rather than as an afterthought.
- A wide-scale media campaign would be a helpful way to get people talking about Cyber. This campaign would need to take an independent view and be both regional and national.
- Fines collected from companies that have broken the UK’s Cyber laws could be recycled and reinvested back into making the UK more Cyber secure.
Additional thoughts from some of our speakers:
Andrew Clarke: We cannot underestimate the role humans play in Cyber security. “We create the situations we find ourselves in. They are effectively human errors, omissions, or deliberate actions. Having a better understanding of the human dynamic will create much more resilient ecosystems that are exponentially stronger and harder to breach.”
Chris Woods: We need to think about “the similarities between Cyber and Physical security. Simplifying our language can help make a bigger impact into the cyber landscape.”
Richard Fallon: “Many large companies and organisations are investing heavily in their own cybersecurity. However, with the rise of supply chain hacking, many data breaches and hacks are coming in through the SME suppliers in their supply chains. Hackers now focus more on SMEs as they know their defences are poor and they can access data or systems shared by their larger, well-defended suppliers. According to Hiscox Cyber Security report 2021, ‘A small business in the UK is successfully hacked every 19 seconds’.”
The Cyber Working Group will launch on 3 March with an online session. In its first year, the Cyber Working Group will be chaired by Professor Prashant Pillai (University of Wolverhampton). Insights from the Working Group will be fed directly into the National Cyber Advisory Group proposed within the Strategy.
You can find out more around regional cyber activity here.
As we develop the West Midlands as a leading smart region in the UK, Cyber will continue to play an ever increasing role around the safety and security of our future technological world. We look forward to seeing stakeholders with an interest in both topics at future sessions.
Sarah is a Business Founder and Investor in the technology sector. She founded and sold a successful ICT project management business, which supported organisations to harness technology for innovation and productivity; and is now investing in exciting new projects including a new workplace well-being digital start-up called Wellspace. Her entrepreneurial success was recognised in 2021 when she was awarded the Nachural Business Woman of the Year.
Sarah has been a Board Director for the Coventry & Warwickshire Local Enterprise Partnership (CWLEP) since 2016 driving the development of digital creative clusters with national and regional stakeholders. She became CWLEP Chair in April 2021 leading the public private partnership to implement the Strategic Reset Framework and transition to delivering on the Net Zero and Levelling-Up ambitions of Central Government.
Chief Strategy Officer at Assured Cyber Protection
Andrew Clarke is an internationally established strategic advisor and defence and security specialist with 20+ years’ experience leading operational delivery teams in both private and public sectors.
Before co-founding ACP, and following a significant career leading specialist military capability, he advised governments on defence and security, resilience, emergency measures and preparedness. Andrew has a comprehensive understanding of ACP and now leads our strategic partnership initiatives and development of new markets globally.
Founder and CEO at CyberQ Group
An experienced leader within the cyber security realm, Chris Woods is the founder of CyberQ Group – an award winning global cyber security innovator with offices in the UK, USA and Philippines. Having previously managed elite security teams at the European Space Agency, HP and Fujitsu, Chris has over 25 years of pure Cyber Security experience, working and living globally. His focus areas are Cyber Innovation, smart cities and protection of individuals’ privacy in an interconnected world. Chris is now leading a passionate team of cyber and business professionals, developing the next generation of security services using AI, Blockchain and Big Data analytics.
Senior Policy Lead for Cyber Security in the Midlands at DCMS
Daljinder Mattu joined the Department of Digital, Culture, Media & Sport in June 2021 as a Senior Policy Lead for cyber security in the Midlands. She is based in the region to drive growth and innovation in the UK cyber security sector by building and expanding regional reach and impact. Daljinder led on supporting the launch of the new 2022 National Cyber Strategy in Birmingham.
Prior to this, Daljinder worked in the Cabinet Office as Government Security Profession Head of Communications and previous to this as Head of Stakeholder Engagement & Communications for the 2016-2021 National Cyber Security Strategy.
Pete is an NCSC Certified Cyber Professional, Chartered Engineer and IT professional who began his career as a Royal Navy Weapon Engineer Officer.
Pete founded Assure Technical to provide technical security expertise and solutions to companies operating in the commercial sector. Ten years on, it is now a leading Cyber Security Certification Body and has helped hundreds of companies of varying sizes strengthen their defences against the ever-present cyber threats.
As well as overseeing the day-to-day running of Assure Technical, Pete is actively involved in the East and West Midlands Cyber Resilience Centres and Midlands Cyber, and he directly supports IASME, the NCSC Cyber Essentials Accreditation Body, with quality assurance and scheme development activities.
Prof Prashant Pillai is currently working as a Professor of Cyber Security and Director of the Wolverhampton Cyber Research Institute (WCRI) at the University of Wolverhampton, UK. WCRI consists of 24 academics and specialises in security for critical national infrastructure with a current focus on detection, prevention and innovate solutions for large scale co-ordinated attacks on complex systems. Prior to this, he worked as Reader in Cyber Security and was the Head of the Cyber Security Research Group at the Department of Computing and Communications Technologies, Oxford Brookes University, Oxford, UK. Pillai is the Associate Editor of IEEE Transaction on Aerospace and Electronic Systems and an Editor of the Journal of Emerging Trends in Engineering and Applied Sciences (JETEAS).
CMO at Cyber Risk Score
Dr Richard Fallon is the co-Founder and CMO for Cyber Risk Score. Cyber Risk Score is an innovative benchmarking tool which allows businesses and organisations to measure, monitor and manage cybersecurity internally and within their supply chains.
Cybersecurity for many business owners, MDs and CEO is complex, confusing and costly. Cyber Risk Score aims to make it simple, straightforward and affordable for every business and organisation.
Richard has a PhD in Electronic Engineering and was a Business Analyst for British Airways and npower before getting into marketing.
He has developed a workshop which gives business owners, MDs and CEOs an understanding of cybersecurity, key principles and how they can best manage it in their role.