The head of the UK's National Cyber Security Centre (NCSC) has urged businesses in the country to do more to improve their defences against hacking attacks, warning that British businesses are facing threats from multiple fronts.
Speaking to the Financial Times, Ciaran Martin said that organised groups of cyber criminals and nation-states are looking to target UK organisations to cause disruption and deal damage.
"There is a lot more to the cyber security challenge in the UK than the Russian state,” Mr Martin said. "They may have some of the best operatives, but they don't have the only operatives and cyber security damage and harm can take many forms."
For example, he named Iran and North Korea as other nations that may engage in cyber attacks, while criminal gangs will also have their own motives for attacking businesses.
He added that these groups may have different tactics and motives, so firms need to be prepared to face a wide variety of risks and not focus solely on high-profile adversaries.
"The Russians aren't associated with the large-scale theft of money," Mr Martin continued. They are not always associated with the large-scale disappearance of personal data, but other states and criminal syndicates are and that does huge damage to confidence in individual organisations and … confidence in the digital economy as a whole."
He also said that it will be important for chief executives and other board members to take a more active role and improve their level of technical expertise.
At the moment, this is often lacking, as the FT highlighted a 2017 government report that revealed more than two-thirds of board members at FTSE 350 companies had received no training to help them deal with a cyber attack, while one in ten firms had no plans in place.
Mr Martin said that too often, the trend in cyber security has been to bring in outside help and declare the problem has been taken care of.
“You wouldn’t expect that in terms of financial liability, you wouldn’t expect that in terms of the way you pay tax, or the health and safety of your workers," he said, so it should not be accepted when it comes to cyber defences.