A cyber-attack disrupting West London councils’ services is stifling the housing market for the capital’s most expensive properties.
While public sympathy for millionaires in Kensington and Chelsea will be muted, lost stamp duty worsens government finances. Digital insecurity is a rapidly escalating economic problem.
‘Highly significant’ cyber incidents jumped 50 per cent last year, according to the National Cyber Security Centre, and breaches affecting Jaguar Land Rover, Co-op, M&S and others, made national headlines and curbed GDP growth. Meanwhile, cyberfraud runs rampant, leading to cancelled hospital appointments and small businesses going under.
Cyber-risk is rarely like a tsunami – sudden and catastrophic – instead it is more like coastal erosion, wearing away the digital foundations of our economy. Each incident undermines our public services, weakens economic growth and damages trust in the security of technology.
Ransomware attacks against businesses frustrate growth; fraud undermines trust; and state adversaries can more easily put our critical national infrastructure at risk. Yet our national approach reflects an assumption that private markets can manage cyber-risks themselves.
They cannot. Responsibility for cybersecurity is unfairly distributed, and individual citizens too often bear the cost. A more interventionist approach is necessary.
The Cyber Security and Resilience Bill (CSRB) is welcome – largely mirroring changes made by the EU – for example, by increasing incident reporting and empowering regulators. If implemented well, the CSRB will enhance the security of UK critical national infrastructure without imposing excessive cost.
Yet the government’s own impact assessment for the bill suggests that only about 2,000 organisations will initially be covered by its scope. This means that while the bill is important for keeping the lights on and drinking water flowing, there is still an open question about government plans to improve cyber-resilience on an economy-wide scale. None of the prominent victims of cyber-attacks in 2025 – M&S, the Co-op or JLR – are in the scope of the CSRB as currently designed.