Cheltenham Cyber Roundtable Insights

On September 11, 2024, Charles Russell Speechlys’ Cheltenham office co-hosted a Roundtable event focusing on Cyber Security with Insider magazine. The event featured Commercial Partners Rebecca Steer and Richard Davies, who were joined by business leaders from Emerge Digital, NCC Group, Cyber Security Associates, Headforwards, CDS Defence and Security, Darkscope, HBD, British Business Bank, Red Maple Technologies and Ladies of Cheltenham Hacking Society.

Chaired by Insider Media’s business editor Collette Flowerdew-Kincaid, the discussion focused on a number of key points;

• Cyber crime is estimated to cost the UK economy around £27bn per year. All businesses need to prepare - all businesses are at risk -whether directly or indirectly via supply chains;
• Preparation is unique to each business. Key considerations are; cyber policies, good governance, training, supply-chain due diligence, supply-chain contracts, testing, incident response procedures and continued security investment;
• Cyber safety needs to be embedded into a business culture and considered at every stage of process and procedure - it cannot be a standalone or outsourced function;
• Quantum computing will have the ability to break common encryption methods at speed, so all safety methods and processes need to continue to evolve;
• Risks are from internal breaches, external attacks (ransomware and hackers) but also supply chains and the wide number of devices connected by the IoT hardware;
• Businesses have to collaborate internationally given the exposure from supply chains;
• The South West is uniquely positioned to lead the international cyber stage with the HBD Golden Valley development and Gloucester’s Cyber Hub centers, together with the academic centres of excellence, University of Bristol University of the West of England and Cardiff University / Prifysgol Caerdydd;
• There is a need for joined-up, easy-access training and resources for businesses - perhaps with tax breaks for this investment. The Cyber Security and Resilience Bill will help by:

1. making reporting of security incidents mandatory;
2. expanding the scope of Network and Information Systems Regulations 2018 to protect more digital services and focus on supply chains;
3. boosting the powers of regulators in the area (Information Commissioner's Office; Ofcom, Solicitors Regulation Authority, FSA etc.) to ensure security is being implemented. At this stage we have few details about how the bill will shape up, and crucially, whether regulators will have enough teeth to drive investment and change at all levels.

The participants all agreed that cyber threats to businesses were an ongoing challenge which would benefit from greater collaboration, training, and governmental support for businesses.