Cyber resilience of UK digital infrastructure
The Cyber Security and Resilience Bill will aim to boost UK cyber resilience. How can cyber resilience be increased? What are the challenges and regulatory gaps?
Defence policy | Information technology | Internet and cybercrime
Briefing
DOI: https://doi.org/10.58248/PN753
- Society and the economy are increasingly dependent on digital technologies, with severe potential consequences if they become unavailable.
- Threats to digital technologies and their supply chains include cyberattacks, environmental hazards and system failures, with malicious interference increasing. Vulnerabilities, such as the increasing complexity and interdependence of technologies, exacerbate cyber risks.
- Practical strategies to manage cyber risks and increase cyber resilience include technology-based approaches, resilient system design, and organisational approaches.
- There are a range of reasons why strategies to increase cyber resilience may not be adopted, including commercial and cultural factors, such as a lack of funding, skills, and data about the threats and effects. The National Audit Office has found “Departments have not met their responsibilities to improve their own and their wider sectors’ cyber resilience”.
- The government says cyber resilience is a priority, with the UK increasingly vulnerable to technology failure. It is working to instil ‘Secure by Design’ principles in government departments and to introduce policies that promote cyber resilience strategies.
- The government aims to update the existing Network and Information Systems (NIS) Regulations through its Cyber Security and Resilience Bill.
This briefing was produced in consultation with experts and stakeholders, who are listed at the end of the briefing PDF. The briefing was funded by the Engineering and Physical Sciences Research Council. POST would like to thank everyone who contributed their expertise and acted as external reviewers of this briefing.