Cyber and the City: Speech by John McFarlane

The below speech was delivered by John McFarlane, Chairman of TheCityUK and Chairman, Barclays at the launch of "Cyber and the City: Making the UK financial and professional services sector more resilient to cyber attack"

Digital technology has radically changed nearly every aspect of people’s lives, and has brought untold benefits.

With the opportunities however, it has introduced a new threat, cyber crime. Not only are they after our information, they are after our money, and can and will steal it whenever they choose. 

Cyber criminals are harnessing this new digital reality, in which they can reach out across the globe, anonymously, risk-free. They attack systems, data and networks virtually without intervention.

Make no bones about it cybercrime is a clear and present danger, not only to our current way of life, but also to the security of society as a whole. 

Cyber criminals are smart, highly innovative and persistent. The rewards for these criminals are huge. It is the black market on steroids.

Our traditional defenses are no longer adequate to protect ourselves as shared industry systems, firms or individuals.

Not only will they get in to our systems, for many systems they are inside already, assessing which data they have accessed is of use to them, and waiting to act. 

Unfortunately, 90% of large UK organisations reported breaches in 2015, so enough is enough! 

We see that criminals and hostile states with virtually unlimited resources are moving form the small beer of individuals up the value chain with industrialised level attacks. For instance the recent attacks on big banks payment systems. For our sector, the game has changed. 

Cyber threat is not only about technology, it is also about people. Perhaps the greatest threat is collusion from within our own organisations.

Society is behind the game and we as governments, firms or individuals, need an urgent and integrated response, so we become the hardest target to attack and penetrate

We need to deal with this now. We really need to make it as hard as possible for them to get in and get out with anything useful to them.

It is a though a relatively new threat. It has taken little over a decade for Cyber Security to go from a niche issue to become a tier-one National Security problem in every major, advanced state in the world, as well as the dominant security issue of every major business across the globe.

It’s not as if there isn’t a response. The UK government has taken action. It published its National Cyber Strategy in 2011, and we’re expecting the next iteration later this year.

In November last year the Chancellor announced an additional £1.9 billion in cyber investment in order to aid the UK’s fight against cybercrime. And now, it has stepped forward with its decision to establish the National Cyber Security Centre.

This needs to be matched by us, the financial services industry. That’s where the money is.

I’m often asked what is management doing about it? It’s a good question, but not the only one. Since it is a major strategic issue and therefore also a matter for the board like any other major risk, as well and for the financial services industry as a whole.

Individual firms are now taking action to ensure their security and ability to recover. But more needs to be done. Cyber threat is a shared issue. Of course as firms we need to make ourselves as secure as possible, but there is limited advantage in going it alone.

That is why I welcome the creation of the Cyber Defense Alliance.

Launched recently, the Alliance will make a dramatic difference through effective sharing and collaboration, and to create intelligence that will give us a way to turn the tables on cyber crime.

Created in 2015 from the idea that an attack on one financial organisation is an attack on all.

It brings together financial and other industry institutions with the National Crime Agency.

It is a transition in cyber response from an ad-hoc endeavor, to a fully integrated response.

It is the creation of a culture of openness and trust, with a clear ambition to complement and not compete with existing organisations or initiatives.

It is institutions rising above competition to collaborate in fight against cyber-crime for the protection of the greater good by sharing resources across the globe in global centres.

But in order to stay ahead of the cyber security threat, we need to do much more.

We need much closer working between the industry and law enforcement agencies.

I’m therefore pleased to welcome this report from TheCityUK, which is a catalyst for action to raise our cyber security and resilience.

Its recommendations are simple, but simple things can make a huge difference – and potentially be game changers in the war on cyber.

The report particularly recommends industry participants collaborate and share information and with government, to enable law enforcement to disrupt cyber threats.

All of this of course is necessary, but hardly sufficient.We’re certainly all in this together as firms, but also as individuals.

In many ways that is our greatest exposure, and actions that encourage the wider adoption of hygiene standards amongst the general public are perhaps the most beneficial.

So together let’s keep them out. Recognising it is almost impossible to protect all data, if they do get in, let’s make it as unproductive for them as possible, by protecting our most important data.

Let’s face it this is war, but on a new front. 

They are the hidden enemy, operating behind the scenes and inside our organisations and our devices, and incredibly difficult to detect, take down and punish. 

As yet, no major group has been prosecuted.

Losing is potentially catastrophic and frankly, unnecessary. 

Winning allows us to preserve our society and our daily life as we know it, so let’s get ahead of this by working together and urgently against this new and common enemy.

Thank you.