Part Three – The Digital Revolution (Part Nine)

Economic Unit

Cybersecurity
Introduction

From global supply chains to small businesses, the modern economy cannot function without a secure and resilient digital environment.

It is therefore concerning that in 2022, the UK experienced the highest number of digital attacks in Europe, accounting for 43% of all reported digital incidents, and around one-third of businesses reported experiencing a cyber intrusion or attack.

Research by UK Chambers of Commerce indicates that more than half of British companies believe their vulnerability to cyberattacks has increased due to remote working.

With the expansion of artificial intelligence and the growing scope of the digital world, urgent measures must be taken to protect against cybercrime and stay ahead of threats.

Cybersecurity is both a major challenge and an immediate risk for businesses.

According to a report by the UK House of Commons Justice Committee, cyber-enabled fraud accounts for 22% of all reported crimes, yet only 2% of police resources are allocated to investigate it.

Businesses assess their vulnerability to cybercrime as much higher than physical risks such as droughts and floods:
BCC survey data shows that only 2% of businesses report no concern over cyber threats, while 45% are unconcerned about floods and 58% about droughts.

Large companies face higher potential financial losses from cyberattacks, but small businesses are often at greater risk due to fewer protections.

There is a misconception that cyberattacks only target certain individuals or businesses. In reality, cyberattacks focus on vulnerabilities—any business, regardless of size, with such weaknesses can become a victim.

Critical National Infrastructure and Supply Chains

Critical national infrastructure and supply chains are prime targets for cyberattacks, and without sufficient protection, the UK economy could face major shocks in the event of a systemic attack.

In December 2023, the Joint Committee on National Security Strategy published a report warning that the UK is unprepared for a “high-risk” catastrophic ransomware attack “at any moment,” and that there is no excuse for underinvestment in preventing a major crisis.

However, this emerging threat also presents an opportunity for the UK to become a global leader in cybersecurity and the safest place for business.

To seize this opportunity, the government must ensure growth by building resilience against cyber threats and support businesses in confronting cybersecurity challenges directly. Businesses must trust that the UK’s digital infrastructure is secure and that the economy is sufficiently protected when issues arise.

Businesses also need support to understand their responsibilities in securing customer data.

Government-backed Cyber Reinsurance Scheme

Over the past two decades, the UK has faced multiple economic shocks that caused significant disruption.

The need for financial bailouts and extensive government intervention during bank failures, the COVID-19 pandemic, and the energy crisis has significantly increased UK debt.

The Financial Studies Institute has warned:
“High debt levels can create risk—raising the cost of servicing debt and reducing government financial space to respond to adverse shocks in the future.”

This underscores the necessity for proactive government action to increase economic resilience against such shocks.

Catastrophic Cyberattack Threat and the Role of Insurance

A catastrophic cyberattack could bankrupt thousands of businesses and destabilize the UK economy.

Currently, many insurance companies are reluctant to provide cyber insurance, and those that do often exclude the most significant risks, such as failures in critical national infrastructure.

Insurance policies typically do not cover “acts of war,” limiting the market’s effectiveness since many cyberattacks on critical systems are conducted by actors linked to hostile states.

Furthermore, existing cyber insurance is often prohibitively expensive for many small businesses, resulting in low adoption:
Only 7% of all UK businesses have dedicated cyber insurance, and this figure is likely lower for small and medium-sized enterprises.