Cybersecurity minister Feryal Clark said Britain’s IT security has been behind the EU for years – and new laws to fill the gap are likely to take another two years to come into force
Brexit has made the UK more vulnerable to cyber attacks, a tech minister has said.
Feryal Clark said Britain’s IT security has been behind the EU for years – and new laws to fill the gap are likely to take another two years to come into force. She said laws in the EU have been updated to combat growing threats since Brexit but that the UK has not been left “adequately protected”.
Speaking to the Mirror, the Minister for Cybersecurity recounted the dreadful delays caused by last year’s cyber attack on the NHS, which saw thousands of appointments and procedures cancelled. She compared it to her mother’s suffering after a hip replacement operation was cancelled and delayed for years during the pandemic.
“It meant she wasn’t able to use her leg… she developed other complications… it had such a knock on effect on her life. It was horrendous,” she said. Instead of being in hospital for three days for the procedure, her mum ended up being in hospital for “weeks and weeks”, she said.
READ MORE: Cyber security boss warns UK needs to wake up to risks posed by Russia and China
Ms Clark continued: “When services are impacted by cyber attacks, when someone’s hip replacement, their knee replacement, any operations are delayed, the impact on their lives is huge. That’s where we need to make sure we are protecting our services from cyber attacks, whether that be state actors, or whether that be criminal actors, it’s really, really important.”
The minister said water, electricity and energy suppliers were among public services at risk too. “Whether it’s your water being cut off, whether it’s your energy, your lights turning off, or whether it’s being able to have that hip replacement that you’ve been waiting for for years, we as a government have a duty to make sure that we are protecting those services,” she said.
The government will on Tuesday publish the details of its Cyber Security and Resilience Bill, which will be laid in Parliament later this year. Ms Clark said she hopes the measures included in the bill will bring the UK “in line” with the EU.
Explaining that the UK was previously under EU cyber-security laws, which have been updated since Brexit, she said: “The EU updated their legislation in light of the cyber threats becoming increasing and becoming more prominent.
“But we were out of Europe so we weren’t adequately protected and that’s why when we came to the government, we were adamant about making sure that UK businesses are protected against cyber attacks. The EU has already brought forward the legislation – some of the measures – that we’re proposing. So we are hoping with these measures, we’ll be in line.”
Ms Clark said some cyber requirements for businesses had been brought in since Brexit but many were voluntary. Labour’s bill will now put them on a statutory footing. But she admitted the legislation, which will be introduced to Parliament later this year, will take years to come into force. “We will start this year. By the time it gets Royal Assent it will be a couple of years,” she said. Under the new bill, Technology Secretary Peter Kyle will have powers to update the legislation to keep pace with emerging cyber threats, without having to go through the lengthy process again.
Cyber threats cost the UK economy almost £22billion a year between 2015 and 2019 and cause significant disruption to the British public and businesses. Last summer’s attack on Synnovis – a provider of pathology services to the NHS – cost an estimated £32.7million and saw thousands of missed appointments for patients.
In the year to September 2024, the National Cyber Security Centre managed 430 cyber incidents, with 89 of these being classed as nationally significant – a rate of almost two every week. Some 50% of British businesses suffered a cyber breach or attack in the last year, with more than 7 million incidents being reported in 2024, according to the most recent Cyber Security Breaches Survey.
The government’s new bill will boost protection of supply chains and critical national services, including IT service providers and suppliers. Some 1,000 service providers are expected to fall into the scope of the measures.
READ MORE: Join our Mirror politics WhatsApp group to get the latest updates from Westminster