UK: Cybersecurity Capacity Review 2015
This report presents the results of a review of the state of cybersecurity capacity in the United Kingdom, premised on the Global Cyber Security Capacity Centre’s National Cybersecurity Capacity Maturity Model (CMM). It was supported by the Office of Cyber Security and Information Assurance (OCSIA) in the Cabinet Office and contributed to the development of the UK National Cybersecurity Strategy 2016–2020 launched in November 2016. The report, which was submitted to the OCSIA, included both an analysis of the maturity of capacity across the 5 distinct dimensions of the CMM and more than eighty recommendations.
In line with the structure of other reports produced by the Global Cyber Security Capacity Centre, e.g. in Bhutan and Kosovo, this iteration enables the UK government to determine the areas of capacity the country might strategically invest in to improve its cybersecurity posture.
The evidence for the report was collected through a four-day consultation process with stakeholders from various sectors: government departments and ministries, academia and civil society, criminal justice and law enforcement, legislators and policy owners, CERT (Computer Emergency Response Teams), and IT leaders from government and the private sector, major industry and SMEs, telecommunications companies and the financial sector.
This evidence was categorised across the five dimensions of the CMM: cybersecurity policy and strategy, cyber culture and society, cybersecurity education, training and skills, legal and regulatory frameworks, as well as standards, organisations and technologies.
The analysis showed that cybersecurity capacity in the UK exhibits an established and strategic stage of maturity in most of the factors that constitute the 5 dimensions of the CMM – with many indicators already showing progress towards reaching the next stage. And in areas such as “Strategy and Policy” and “Legal and Regulatory Frameworks” the UK is even at a dynamic stage of maturity.
Some of the recommendations of the report comprise: ensure that all stakeholders are included in the process for revising the national cybersecurity strategy; enhance capacity at the local and lower governmental levels and to promote the understanding of risks and threats; invest in ICT research and cooperation between academia, research and industry to strengthen the software-engineering competencies of domestic ICT companies; and improve international cooperation and mutual legal assistance in combating online criminal offences.
The graph below (included in the report), illustrates the 5 stages of maturity for all factors within the dimensions of the CMM, which reach from start-up (stage 1) to formative, established, strategic and dynamic (stage 5).
Find the full report at the bottom of this page