Why Has There Been a Boom in the UK Cyber Security Sector?

Not many years ago, IT security was at best a niche employment area. Specialist companies selling firewall solutions, asset tracking software and auditing services. Malware was little more than a nuisance and hacking was more of a sport than a significant threat. Outside of the industry, IT security and cybercrime was unknown. Then in 2007, coincidentally the same year the first iPhone was released, the Zeus Trojan was created. This keystroke logger was arguably the first computer malware, to gain mainstream media attention in the UK. In 2010, the FBI arrested over 100 people related to Zeus and concluded that $70m had been stolen. Cybercrime had arrived in public consciousness.

Fast forward to 2019 and not only have iPhones got bigger and more expensive, but according to a UK government report, “UK’s booming cyber security sector is worth £8.3 billion.”

Growing in value by 47% since 2017;

“The number of active cyber security firms in the UK has increased 44 per cent – up from 846 in 2017 to over 1,200 at year-end 2019. This growth is the equivalent to a new cyber security business being set up in the UK every week.

There are now approximately 43,000 full time employees working in the cyber security sector, up 37 per cent from 2017.”

Booming indeed, but what is fuelling the growth in the UK’s Cyber Security sector?

The rise of Online and Cybercrime

According to the Office for National Statistics (ONS), the UK percentage of online sales has risen from 2.8% in 2007, peaking to over 35% in 1Q 2021. Drilling down, the percentage of online sales has more than doubled since as recently as 2017. As the UK has moved online, so has crime. It’s not just B2C commerce. Growth in computer automation, more tightly integrated supply chains and increasing use of the cloud are areas where B2B activities are more vulnerable to attacks and interference from cyber criminals.

According to the UK government’s “Cyber Security Breaches Survey 2020” report;

“The extent of cyber security threats has not diminished. In fact, cyber-attacks have evolved and become more frequent.

Almost half of businesses (46%) and a quarter of charities (26%) report having cyber security breaches or attacks in the last 12 months. Like previous years, this is higher among medium businesses (68%), large businesses (75%) and high-income charities (57%).

Among the 46 per cent of businesses that identify breaches or attacks, one in five (19%) have experienced a material outcome, losing money or data.”

The Cyber Threat to UK Business

The UK National Cyber Security Centre was set up in response to the growth in cybercrime and the economic threat it poses to UK PLC. In their report “The Cyber Threat to UK Business” the NCSC show a number of case studies. These are well known global attacks, but the report highlights the impact on the UK.

Ransomware and distributed denial of service (DDoS) attacks – WannaCry ransomware

“A global attack using ransomware known as ‘WannaCry’ was launched on 12 May 2017. WannaCry encrypted victim machines, rendering them unusable, and demanded a ransom of US$ 300 in Bitcoin to unlock each machine.”

Prominent among the victims was the National Health Service (NHS); over a third of England’s NHS trusts were disrupted, with over 6,900 NHS appointments cancelled and some patients needing to travel farther for accident and emergency care. Most of the NHS victims used systems for which patches were available.”

Data breaches – Equifax & Uber

“Credit scoring agency Equifax was the victim of a data breach between May and July 2017, resulting in personally identifiable information of up to 143 million Americans being accessed. Data on approximately 400,000 UK nationals residing in the US was also potentially affected by the breach. The data reportedly included names, social security numbers, dates of birth and other personal information. Access to the data was gained via a website vulnerability, for which a patch was available. Equifax later confirmed that a file containing 15.2 million UK records dating between 2011 and 2016, was involved in the incident.”

Fake news and information operations

In May 2017, at least six Indian restaurants in the UK were targeted by fake news stories. One restaurant had to cut staff hours (and saw its revenue fall by half) after the fake story was picked up and spread on social networking sites.

In another case, a UK businessman was the target of a defamation campaign where false and doctored stories were shared on social media. His lawyers served an injunction against “persons unknown”, in a case believed to set a legal precedent.”

The boom in UK Cyber Security

As the UK consumer and business model moved online, so have the criminals. Every second, billions of electronic ones and zeros flow through fibre, copper, and the radio spectrum. Billions of bytes of information and billions of pounds in commerce. As technologies advance the need for cyber security grows, a workforce of highly skilled professionals that can adapt and change with the technological developments that are taking place.

2021 was yet another record year for cyber security. There are now an estimated 50,000 people employed in UK cyber security, up from 43,000 just two years earlier.. The sector is contributing more than £4bn to the economy and attracting £800m of new investment. Cyber security firms have helped the NHS fight against coronavirus by providing vital technical support and protection against hackers.

The growth is set to continue. New threats, such as Cryptojacking, the increased use of worms and the ever-growing Internet of Things are driving the need for more highly skilled, and highly paid professionals to keep the UK safe.

There has never been a better time to work in Cyber Security. The next decade will only see the rate of change in computer technologies and use of the online world increase. It would be foolish to predict what the IT world will look like in 2030, but we at Intaso are confident the value of a good cyber security professional will be higher than ever.