As Liz Truss becomes newly-elected leader of the Tory party and Britain’s third female Prime Minister, her in-tray is piled high with challenges, not least surging inflation, the cost-of-living crisis, a raging war in Ukraine, and the lingering economic impacts of Covid and Brexit.

News of her appointment will be keenly observed by the tech industry.

As foreign secretary under former PM Boris Johnson, Truss was noted for her strong stance on cybersecurity, denouncing the “clear and shocking evidence” of Russian cyberterrorism on Ukraine, following an assessment by the UK’s National Cyber Security Centre (NCSC).

Truss also personally unveiled the UK’s £2.6 billion National Cyber Strategy in December 2021 to “solidify the UK’s position as a leading democratic, responsible cyber power.” 

“Technology allows us to enjoy incredible freedoms,” she said at the time. “These freedoms, however, are threatened by malign actors seeking to undermine democracies in the digital world and beyond. Now is the time for the free world to fight back.”

Amid growing daily state-sponsored cyberattacks, digital extortion, and operational disruption, how should Truss address Britain’s cybersecurity challenges?

Cyber should be in ‘top three’ business priorities

Kevin Bocek, VP security strategy and threat intelligence at Venafi, said the PM has been elected against a backdrop of “accelerating geopolitical and geoeconomic tensions”, adding that cybersecurity has become a key battleground in these spheres.

“The new government should reinforce to companies – both large and small – that cybersecurity should be in their top three business priorities,” Bocek told SC Media.

“This will give the UK a competitive and resilient edge over its global competition and is vital at a time when nation states are continuing to flex their cyber muscles.”

Recent research from Venafi revealed that 82 percent of security decision makers believe that cybersecurity and geopolitics are intrinsically linked.

State-sponsored groups from China and North Korea are regularly conducting cyber campaigns to garner intelligence or funding for weapons programmes, the report showed.

“The cyber risk can’t be overstated and is set to intensify over the next few months, with Russia signalling its intent to cause economic chaos this winter,” said Bocek. “There’s also increased risk from China as it faces slower growth and growing nationalism.”

Cyber and physical need equal weighting

Javvad Malik, lead security awareness advocate at KnowBe4, said Truss has taken the UK’s top job at a turbulent time.

“As the nation has become more reliant on digital systems, it is inevitable that these will become the Achilles heel in critical infrastructure, services, and everyday tasks. Therefore, the emphasis of cybersecurity needs to be on the same level as physical security,” Malik told SC Media.

Efforts should be made to raise the baseline of organisations which have been underfunded or running on legacy systems, he said.

“We've seen how fragile the NHS and its associated systems are, and without significant investment, this will remain the case.”

Malik added that awareness of security risks needs to be raised amongst organisations and its employees. “Most attacks are successful due to social engineering, password attacks, or through unpatched software. So, putting in place programmes to help address these often-exploited avenues should be a priority.”

National upskilling needed

Chris Dimitriadis, chief strategy officer of ISACA, a global professional body helping organisations pursue digital trust, urged Truss to show ongoing support for the implementation of the National Cyber Strategy.

“This should focus on developing workforces by prioritising the upskilling of professionals and nurturing the next generation of exceptional talent from which to recruit.

“They should put a particular focus on building capacity within digital ecosystems and improve the ability to measure and boost cybersecurity maturity.”

The PM must also commit to strengthening and implementing the Audit Reform Bill, Dimitriadis said.

“This will ensure a more comprehensive regime which covers the assurance and reporting of technology, digital and cyber risk. This will be particularly important when addressing threats to supply chains.”