The influential cross-party Public Accounts Committee (PAC) has heeded advice from the Cabinet Office (CO) to urge the government to involve large enterprises in its cybersecurity strategy to help smaller, more vulnerable businesses operating in their supply chains to develop sufficiently robust cybersecurity defences.
In an extension of the remit of supply relationship management, the PAC maintains that large firms have a duty to encourage smaller suppliers to put in place basic cybersecurity measures to ensure adequate protection of customer privacy. The Committee recommends that the government include sectors of the economy, such as retail, in its cybersecurity improvement strategy, citing the example of the National Cyber Security Centre (NCSC), which collaborated with the Bank of England to develop improved cybersecurity standards.
The Committee is now urging the government to set out how it would influence different sectors in the economy by distributing information on cyber resilience to their customers, a procedure that should form part of its approach to cybersecurity from 2021 onwards. But the report pointed to weaknesses in the CO’s efforts to devise long-term objectives for the NCSC, which received funding of £1.9bn, citing a weak evidence base and the absence of a sound business case. This, the Committee pointed out, made it hard to evaluate whether the strategy would meet its objectives or provide genuine value for money.
PAC Chair, Meg Hillier, welcomed the NCSC but emphasised that the Committee remained to be convinced that the programme devised to deliver it was adequate. She said: “With its world-leading digital economy, the UK is more vulnerable than ever before to cyber-attacks. As the likelihood of these attacks continues to grow, the UK needs to protect itself against the risks created by more and more services going online.”
Procurement practitioners, it seems, must add close working with IT colleagues to core duties, such as category management, cost reduction, and strategic sourcing.