David Frost
Lord West of Spithead Excerpts(4 years, 1 month ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord True
My Lords, I pay tribute to the noble Lord, who was, as he told us, the first National Security Adviser. Each of those, although coming from a diplomatic background, has had different and diverse experience—the noble Lord had a particular role as chairman of the JIC. Where I do agree with him is that the Prime Minister has decided that the role of the National Security Adviser and that of the Cabinet Secretary should be divided. That will give the incumbent time to display his dedication and skills, as I have no doubt he will, in carrying out this important role.
Lord West of Spithead (Lab) [V]
My Lords, in his own words, the Prime Minister recently said that we have embarked on the most significant reassessment of the UK’s position in the world, its allies and alliances, and its defence, security and intelligence needs. Subsequently, the Wuhan virus struck, so the task is doubly complicated. This huge job is being led and co-ordinated by someone with almost no background in defence, intelligence and security. Now, we find that the other key figure in all of this work—the most important work since the Second World War—the new National Security Adviser, Mr Frost, similarly has no experience in any of these key areas. I am only a simple sailor and I would like the Minister, who I understood severed as a spad in various guises for many years, to make it clear whether he preferred advice with political spin from someone with little expertise in their field, or unbiased expert advice, particularly where the security and safety of our nation and people depended on the outcome?
Lord True
My Lords, again, I do not agree with the characterisation of the presumed danger. The Prime Minister is responsible for the integrated review, as chair of the National Security Council. Mr Frost will be involved, but there will be a cross-Whitehall process. Even as a humble special adviser, I felt it part of my duty often to give unwelcome advice to a Prime Minister, and I am sure that any decent public servant, political or otherwise, would always feel the same.
UK-EU Negotiations
Lord West of Spithead Excerpts(4 years, 2 months ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord True
My Lords, we regard the relationship with the devolved Administrations as being of great importance and we have appreciated close contact with them in the work going on. We have different views on the way forward, although, as the noble Lord will know, the Welsh people voted to leave the European Union. We are grateful for thoughtful and considered contributions from the Welsh Government and Welsh business. There have been many opportunities to discuss arrangements, both in public and in private, but I assure the noble Lord that the interests of Welsh business and particular sectors of it continue to be well understood and well addressed and are of central concern to the Government.
Lord West of Spithead (Lab) [V]
My Lords, on this auspicious day, with President Macron visiting our Prime Minister, we are forced to focus on the past impact of war and, hence, unusually, defence. What is clear is that defence links with France, a country which pulls its weight militarily, remain close; as do our bilateral defence links with countries such as Holland and Norway, plus many other European nations. Overarching all this is our commitment to NATO, the organisation which has ensured European security since 1949. Will the Minister confirm that there have been no discussions or tacit agreements to be involved in some form of EU military force, and that the UK is not being excluded from involvement in broad, pan-European defence-industrial programmes? I quite understand if he is not up to speed on these issues, and would be very happy with a briefing on Privy Council terms.
Lord True
My Lords, with all the firepower that I see behind the noble Lord, it is hard for me to deny him anything. However, I am not in a position to give him specific answers. The points that he makes about security co-operation and vital defence, which run far outside the European continent in the present, changing world, are of great importance. I will write to him on the specific issue that he raised on defence matters.
EU: Trade and Security Partnership
Lord West of Spithead Excerpts(4 years, 2 months ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
The Deputy Speaker (Lord Duncan of Springbank) (Con)
Lord Kerr of Kinlochard? No? Lord West of Spithead.
Lord West of Spithead (Lab) [V]
My Lords, a lightning rod for EU seriousness on defence and security co-operation is Project Galileo. Is it still the intention to have scientific, technological and industrial UK involvement in this project, despite lack of access to the classified output of the system?
Lord True [V]
My Lords, the UK and the EU discussed Project Galileo during the withdrawal agreement negotiations. The EU’s offer on it then did not meet the United Kingdom’s defence and industrial requirements.
Detainee Mistreatment and Rendition
Lord West of Spithead Excerpts(5 years, 1 month ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord Young of Cookham
The Government will take all the relevant evidence into account when they announce their decision later this week. As I said, we are clear in opposing torture. The issue in debate is the extent to which it is alleged that there was knowledge of, or complicity in, the treatment of detainees in other countries. It is worth making the point that there is now a robust independent oversight regime that we have introduced over recent years. The changes in the Justice and Security Act 2013 and the Investigatory Powers Act 2016, the changes in the powers of the ISC and the statutory basis for the Investigatory Powers Commissioner have all ensured we have a robust, independent oversight regime, which I think is more transparent than nearly every other country.
Lord West of Spithead (Lab)
My Lords, does the Minister not agree that it is important that we remember that none of our men and women in any of the agencies was directly involved in torture? They might have been inadvertently one or two steps removed and we took a lot of actions to try to make it clear how they should behave in those difficult circumstances, because it had not been clear before. In all this discussion we must not assume, because it did not happen; our men and women were not involved directly in torture.
Lord Young of Cookham
The noble Lord is quite right. Our officials were not involved in torture. I take this opportunity of saying that our intelligence and security personnel try to keep us safe, in very difficult and challenging circumstances. None the less, it is right that we hold them to the highest possible standards.
Brexit: Other Policy Areas
Lord West of Spithead Excerpts(5 years, 1 month ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord Young of Cookham
Yes. The Government plan to leave the European Union by the end of October and then we will indeed be able to get on with some of the other pressing issues. But I make the point that the Government have been taking action that does not require legislation. We had the Statement yesterday repeated by my noble friend about the 10-year NHS implementation plan. We have had Statements about zero carbon and about a breathing space for those in debt. We have announced 22 new free schools. So it is not the case that pressure on legislation is crowding out important initiatives that drive up the quality of life in this country.
Lord West of Spithead (Lab)
My Lords, the right reverend Prelate the Bishop of Derby has just taken her oath, in which defence was twice mentioned. Of course, defence and the security of the realm are the absolute highest priorities of any Government. Yet we are stumbling towards a comprehensive spending review with Armed Forces that everyone accepts are underfunded, and there seems to be almost no debate about it. Does the Minister agree that the amount of time this House has spent debating the most serious matter for any Government is rather small?
Lord Young of Cookham
If the noble Lord had joined my party three months ago, he would have been able to vote for one of the candidates who has made a specific pledge on defence expenditure. No doubt he is regretting that he did not take that step.
National Security Council Leak
Lord West of Spithead Excerpts(5 years, 3 months ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord Young of Cookham
That raises a broader issue, but I hope that my noble friend is not suggesting that Ministers who have broken the code should remain in office simply to avoid the rotation to which he referred. If confidence has been lost, the Minister should go.
Lord West of Spithead (Lab)
My Lords, 34 years ago today, I dropped some classified papers when I was rescuing a dog from a river. I was court-martialled for that and punished for it. There is a danger of double standards here, where there is no clarity as to exactly what the offence is. Are senior people in Cabinet being treated differently from all those below them in their organisations?
Lord Young of Cookham
Any Minister who accepts office knows that he or she goes when the Prime Minister so decides—I speak as someone who has left the Government four times. I am glad that the noble Lord has recovered from the incident and that his career appears to have been unimpeded.
Digital Mapping: Restrictions
Lord West of Spithead Excerpts(5 years, 6 months ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord Young of Cookham
I understand the noble Lord’s concern. He has tabled a number of Written Questions on the subject. In view of his concern, I have gone back to those responsible for security and received an assurance that those responsible for our critical national infrastructure are not asking for the restrictions on commercial mapping that the noble Lord seeks.
Lord West of Spithead (Lab)
My Lords, precision digital mapping and the metadata associated with it are crucial in establishing nodal analysis and targeting, nodal analysis being identifying the one or two spots within water, energy and transport systems that, when taken out, can bring a nation to its knees. Bearing that in mind, could the Minister let us know exactly who is looking at this to make this decision? It is pretty critical and, as a nation, we went to immense efforts to discover people who might be our enemies so that we could do them harm. We do not want to open ourselves up to people to do us harm.
Lord Young of Cookham
Again, I understand the noble Lord’s concern. Access to critical national infrastructure sites is, of course, heavily restricted. Ordnance Survey, as the Government’s national mapping agency, is the only mapping organisation that has right of access to property for the purpose of mapping under the Ordnance Survey Act, passed by your Lordships’ House in 1841. But in view of the concern that the noble Lord has expressed and that of the noble Lord, Lord Fox, I will go back to double-check the information I have been given. Of course, much of this information is already obtainable through satellites and Google street survey. The Soviet Union has mapped the UK since the 1940s. One has to be realistic about the amount of information already available—satellites can identify objects that are 30 centimetres long.
HS2
Lord West of Spithead Excerpts(5 years, 8 months ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord West of Spithead
To ask Her Majesty’s Government whether they have revised their estimates of (1) the cost of, and (2) the timetable for completing, HS2 following delays and increased costs in relation to Crossrail.
Lord Young of Cookham (Con)
My Lords, HS2 Ltd regularly reviews project plans and is currently working with its contracted suppliers to update and agree its latest cost and schedule confidence assessments for phase 1. HS2 Ltd is always examining lessons learned from major infrastructure projects, including Crossrail, to improve its understanding of the risks to delivering on time and to budget. We will publish updated cost and schedule estimates for phase 1 as part of the full business case in 2019.
Lord West of Spithead (Lab)
I thank the Minister for his Answer. A huge amount of money is involved. There is not much money around and things have changed. Does the Minister think that increasing capacity on the west coast main line is more important than, for example, sorting out the shambles in the civil nuclear industry and thereby safeguarding our future energy supplies for the nation? Does he think that it is more important than getting a secure GPS system to replace Galileo, from which we were so disgracefully excluded by the EU? Does he think that it is more important than resolving the funding crisis in our Armed Forces, when Russia is confronting and destabilising our nation? If so, does he not think that this is the time to pause and reconsider where this money should be spent?
Lord Young of Cookham
The noble Lord will know that the question of allocation of resources between a range of government departments is one taken collectively by the Cabinet and announced by the Chancellor of the Exchequer at the appropriate time. It is not for a junior Minister to comment on the allocation of public expenditure between the Ministry of Defence and a whole range of departments, including those for transport and energy. On the last part of the noble Lord’s question, I think that it is right to go ahead with this project. It is expensive, but the phase 1 funding has not increased since the spending review settlement in 2015. Phase 1 is scheduled to cost £27.18 billion in 2015 prices and we are determined to keep it within that cost estimate.
Cyberattacks
Lord West of Spithead Excerpts(5 years, 9 months ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord Young of Cookham
The Government have made it absolutely clear that we want to maintain the broadest possible co-operation with our EU partners. We want to continue to share information with security institutions in the EU. We want to go on, with them, to develop cyber resilience so that we can continue to protect our collective security, values and democratic institutions. We believe that it is in their interests, as much as ours, that this should happen, irrespective of what happens to Brexit.
Lord West of Spithead (Lab)
My Lords, the Minister will be aware that GCHQ has recently said that it can no longer guarantee the security of UK circuits that have Huawei equipment in them. How are we to take this forward now, bearing in mind that removing all Huawei gear from our systems is almost impossible, as is moving towards 5G without involving Huawei? We need a Minister in the Cabinet Office responsible for this.
Lord Young of Cookham
The noble Lord raises an important issue: how one balances the need for inward investment and to have cutting-edge technology available without jeopardising the security of our institutions. He will know that we have a mitigation strategy to deal with Huawei, which is advised by NCSC—the National Cyber Security Centre. Our approach makes sure that, where we use equipment supplied by overseas countries, our security is not compromised. The mitigation strategy is kept under constant review.
Cyber Threats
Lord West of Spithead Excerpts(5 years, 10 months ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord West of Spithead (Lab)
My Lords, I congratulate the noble Viscount, Lord Waverley, on instigating a debate on this important topic. We have had a mention of Drake’s drum, so it would be remiss of me not to mention the Battle of Trafalgar, which took place this week, 213 years ago—no cyber there, I have to say.
I had the privilege of being the UK’s first ever Minister for Cyber Security and produced UK’s first cyber security strategy in 2009. Then, very few people acknowledged the risk. There is no such problem today, because the word cyber is on everyone’s lips. It is a huge topic, as we heard from the opening speech of the noble Viscount, and I shall raise only two points.
Cyber security has become shrouded in mystique and fear. Threat awareness is too often tilted dangerously close to scaremongering. We ignore the basic reality that cyber security is about risk management, and it is well within our capabilities to manage that risk. But it must be owned by all of us. We need to understand the risks and take simple actions to manage them.
One thing that the most sophisticated and the low-sophistication but more prolific attack have in common is that they tend to exploit basic weaknesses in defence, so the most pressing need and strategically important question is to find ways to raise the basic defences of organisations throughout our country and across the world. That is why I am delighted that the NCSC has started to implement its active cyber defence programme. The NCSC is an amazing set-up and has done incredible work. This gives a framework for UK cybersecurity that takes away most of the harm from most of the people most of the time. It is identifying ingenious solutions to spoofing—it has done that on a huge scale already. It involves partnerships such as threat sharing with CSPs, which already block tens of millions of attacks automatically every month.
It recognises the importance of the individual in all this, which is my first point. We have not made it easy for our people. We must be serious about understanding the human being and stop blaming humans for being the weakest link in cybersecurity: they are the most important. They often are weak but we should not blame them for that. Human factors techniques can maximise human performance while ensuring safety and security. We must design technology that fits a person’s physical and mental abilities: in other words, fitting the task to the human, not the other way around. There must be much wider recognition of the importance of the user.
In the active cyber defence programme, one of the drivers is that users had guidance fatigue. I am not surprised: there was always something they were doing wrong, had not done or should not have been doing. My children tell me that all the time when I am on the computer. Basically, we want to make it easy for people to do these things. That is why there was a change to the unworkable password guidance. Now, we encourage people to protect heavily what they cannot afford to lose and do what they can with everything else. My goodness me, look at these passwords! If you want to get a train ticket, go to the opera or do anything, you have to have a bloody password—sorry, you have to have a password. It is a complete nightmare.
We need to make sure that everyone using a network understands easily how to use it safely. This is just as important as investing in network security technology. Networks have users, and if users cannot do their work effectively while understanding how to do it safely, security is compromised.
My second point relates to our nation’s move towards 5G and the inherent risks in how we are moving forward. The Huawei equipment fitted in our communications systems is a perfect conduit for the exfiltration of data and, as newer systems have come into operation, updated remotely by software from China, so our experts have found it increasingly difficult to be sure that they are constantly safe for use. In view of the ease of supply, cost and quality, the decision was that Huawei equipment should be used in UK systems, and I think that that decision was correct when it was made. It is clear that Huawei is very conscious of security concerns and has tried to alleviate them by more openness and by employing UK experts, many from GCHQ, to monitor its equipment on our behalf.
However, that does not remove all my concerns, and events have moved on. Huawei is set to lead the global charge into 5G, originally in conjunction with another Chinese company, ZTE. Huawei, of course, is not owned directly by China, but ZTE is, and Huawei has signed a deal to provide the next generation of mobile broadband kit to British Telecom. Yet the Huawei Cyber Security Evaluation Centre, overseen by GCHQ, has identified issues with Huawei’s engineering processes that lead to new risks in the UK tele-communications networks. Indeed, GCHQ says it cannot guarantee their security. In addition, GCHQ has effectively banned the use of ZTE by UK firms. A letter was produced saying that we should not use it.
Bearing in mind the huge impact of banning ZTE and Chinese companies in foreign policy, BEIS and trade terms, I ask the Minister: was this a Cabinet decision, or was it made by an official in GCHQ? Fifth-generation mobile services will eventually underpin the new digital landscape, as has already been mentioned. It will transform lives and economies as data analysis, artificial intelligence, the internet of things and quantum computing permeate all areas of human endeavour. We are hoping to start the move towards 5G next year—indeed, we need to. We have to get ahead of all this, particularly with Brexit. We are good at these things, and we need to get ahead.
These changes will bring huge benefits to us all. They will transform healthcare, create smart, energy-efficient cities, make work lives more productive and revolutionise the relationship between business and the consumer. But they bring risks that, if unchecked, could make us more vulnerable to terrorists, hostile states and serious criminals.
I have no doubt that China’s dominance of the technology that will power the next generation of superfast mobile broadband threatens to leave the UK vulnerable to Chinese espionage. However, we probably need to use it so we must identify means of ameliorating the risks. As an aside, I am also very concerned about the spread of Chinese Hikvision equipment, thousands of pieces of which are already installed across the country and connected to our networks. They will all be enabled by 5G. There will be not only cameras, but sound as well. They will sit in every office, see everything on every desk and record everything that is going on, once 5G is linked.
Is the Minister happy that a part of the parliamentary estate is scheduled to have Hikvision installed in January next year? I believe that there is an urgent need to have a small cell set up in the Cabinet Office reporting through the National Security Adviser directly to the Prime Minister to establish what level of risk the UK is willing to accept and to advise what amelioration is required. Banning Huawei and other Chinese firms totally is not a realistic option. Resilience, not IP theft, is our major concern.
Finally, I ask the Minister: is work going on to consider early, robust and fair solutions to what is a global challenge of balancing investment, trade and security, as we will have to protect some parts of our infrastructure by exclusion?
Lord Young of Cookham
I was referring to the responsibilities of the Department for Education. The relevant Minister is sitting at my side and will have heard that. We will write to the noble Lord, giving a more detailed reply on the role of that department, if that is what he wants.
The Government actively manage potential risks to UK infrastructure—a point on CNI raised by the noble Lord, Lord Fox. This includes risks related to foreign equipment used in our telecoms industry. This important issue was raised by the noble Lord, Lord West, who expressed concerns about our telecoms structures. I want to make it clear that the Government have not banned ZTE. The NCSC has raised its concerns about the ability to manage the risk of having more Chinese-supplied equipment on UK infrastructure undermining existing mitigations, including those around Huawei. The noble Lord is right that we cannot ban our way out of this, but I can confirm that the Department for Digital, Culture, Media and Sport, with the NCSC, is leading the review into the security and resilience of our telecoms supply chain.
Lord West of Spithead
Has this been debated at Cabinet level? Bearing in mind that it has an impact on so many departments, it really needs to be looked at in the round, so I would be grateful for an answer.
Lord Young of Cookham
I am sure the noble Lord would be grateful for an answer, but I do not have one. I do not know whether it has been debated in Cabinet or in a Cabinet sub-committee. However, within the constraints of what happens within the machinery of government, which the noble Lord will be familiar with, I will see whether I can shed some light on the important issue he has raised.
The noble Lord also raised the issue of Chinese investment that meets stringent legal and regulatory standards. At the heart of this is the recognition that we need confidence in our ability to get the right balance between security in our critical infrastructure and the growth, productivity and inward investment opportunities. The findings of the review will report to the Prime Minister and the National Security Adviser. It is right that in the face of these shared threats the UK works alongside its international partners and allies to expose, confront and disrupt hostile or malicious activity.
Lord West of Spithead
Is the Minister concerned about H1K and the fact that CCTV will now have sound and that when it is 5G enabled every one of those things will be able to take down data and pass it on? Where do we stand on this?
Lord Young of Cookham
When we discussed this yesterday, the noble Lord was concerned about the installation within the Palace of Westminster of this capacity, which could indeed read stuff that was on my desk. I think this is primarily a matter for the authorities within the parliamentary estate. I will share with them the noble Lord’s concerns and get a considered reply, possibly from the noble Lord, Lord McFall.
It is right that in the face of these shared threats the UK works alongside its international partners and allies to confront, expose and disrupt hostile or malicious activity. Noble Lords will have seen recently our attribution of a range of indiscriminate and reckless cyberattacks to the work of Russian military intelligence, and 21 other countries stood with us to call this out. That builds upon a host of cyberattacks that we and our international partners have attributed to North Korean actors, including the WannaCry incident, one of the most substantial to hit the UK in terms of scale and disruption.
We are absolutely clear that we must work together to show that states attempting to undermine the international rules-based system cannot act with impunity. The Foreign Secretary pressed this point with his counterparts at the Foreign Affairs Council earlier this week, and the Prime Minister is today encouraging the European Council to accelerate work to strengthen the EU response to malicious cyber activities, including a new regime of restrictive measures.
When necessary, we will defend ourselves. We are continuing to develop our offensive cyber capabilities as part of the toolkit that we use to deter our adversaries and deny them opportunities to attack us both in cyberspace and in the physical sphere. My noble friend Lord Borwick referred to this. If he looks at page 51 of the National Cyber Security Strategy 2016 to 2021, I hope he will be reassured by what we say about enhancing sovereign capabilities and offensive cyber, ensuring that we have at our disposal,
“appropriate offensive cyber capabilities that can be deployed at a time and place of our choosing, for both deterrence and operational purposes, in accordance with national and international law.”.
It is also vital that we continue to reaffirm our shared vision for an open, peaceful and secure digital world based on the rule of law and norms of behaviour. The noble Lord, Lord Ricketts, was right to refer to the speech by the previous Attorney-General saying that international law applied to cyberspace. It seems to me that if a foreign state were to drop a bomb on our airports we would have a right to reply, and likewise if our airports are immobilised through cyber we should equally have such a right, though of course that should be proportionate and legal. We do not concede ground to those who believe that existing international law does not apply, or who seek to impose controls through international fora as a means of restricting basic human rights.
Our work with international partners goes beyond joint operations and influencing. For example, the noble Viscount, Lord Waverley, asked about the work that we are doing with the Commonwealth. We have been scoping and piloting projects to date, but we are now accelerating delivery and expect to have spent £2.3 million by the end of this financial year. Much of this is in partnership with the private sector—for example, we are working with Citibank, an American bank, to build resilience in the Commonwealth finance sector.
I did not think we would get through the debate without Brexit being raised by the noble Lords, Lord Fox and Lord St John of Bletso. The cyber threat that the UK and its European allies face from state actors and cybercriminals remains significant and, as the noble Lord, Lord Kennedy, says, it knows no international boundaries. That is why the UK is seeking to maintain the broadest possible co-operation with our EU partners so that we can continue to share information with EU security institutions, deepen industrial collaboration and work together to develop cyber resilience in support of our collective security, values and democratic processes. Continued co-operation with the EU is not only in our interest; it is firmly in the interest of the EU as we look to respond to hostile state and non-state actors in cyberspace.
At this halfway point in the delivery of our national cyber security strategy, we have put in place many of the building blocks to transform the UK’s cybersecurity and resilience, already demonstrating results. However, we can never become complacent. Just as the threat from cyber criminals and nation states continues to evolve, so too must we continue to innovate and respond at scale and pace. We are therefore stepping up our protection of government systems, from the NCSC’s excellent active cyber defence measures to models adapted from those used by the finance sector to test the security of public services.
On the subject of defence, the noble Lord, Lord Browne, a previous Secretary of State, raised some important issues about the security of our defence systems. We have well-established processes in place to address cybersecurity and the protection of our weapons systems. We are continuing to invest—for example, through our £265 million programme of cyber vulnerability investigations for military equipment. On the specifics of responding to the report published in the US, I will happily write to the noble Lord. To allay his concerns on the UK’s use of equipment supplied by the United States, I refer him to the details of the NCSC’s support of the MoD’s Modernising Defence programme in its recent annual review, where examples include stringent testing of the new F35B fighter planes.
Lord West of Spithead
My Lords, I am sorry to ask the Minister to give way again. I do not always share the views of my noble friend Lord Browne on some of these issues, but on the Dreadnought programme, which is crucial, could the Minister maybe go back to the Secretary of State for Defence and say, “There really is a need for red-teaming regarding the threat of cyber to the Dreadnought programme, as it is in-build”?
Lord Young of Cookham
I take very seriously such a warning coming from the noble Lord. I will share of course his concerns with my right honourable friend the Secretary of State for Defence and get him to write to him.
While it is difficult to avoid headlines about attacks and breaches, doing something about it is still often seen as too technical, too difficult or someone else’s problem. However, one of the themes that has emerged from our debate is that cybersecurity is everyone’s responsibility. We consider it vital that all organisations embrace and embed cybersecurity, from the boardroom down. That is why we have targeted efforts at driving long-term change, starting with helping boards to better understand the risks they face and to invest appropriately. This year’s cybersecurity breaches survey revealed that only 30% of businesses have a board member with responsibility for cybersecurity, and that is not good enough. We must ensure that boardrooms provide active leadership to ensure that cybersecurity is ingrained into organisational cultures and mindsets—a point well made by the noble Lord, Lord St John of Bletso, who also drew attention to the substantial fines that companies are now exposed to under GDPR if they do not comply with the new legislation. As the noble Lord, Lord Fox, highlighted, understanding exactly how secure data and systems are in complex organisations has never been more important.
I am conscious that I am not going to be able to get through all the points that have been raised within the allocated 20 minutes, so I will write to noble Lords to deal with the issues that I have not been able to address today. In conclusion, I hope I have been able to demonstrate not just that we understand the scale of the challenge that we face but that we are seeking to create the environment for everyone to be at their most collaborative and agile to respond, a point well made by the noble Earl, Lord Erroll. As we face new challenges in the year ahead, we need to ensure that we remain focused on reaching across organisational, political and geographical boundaries. As we face those challenges, I will ensure that we take on board the valuable suggestions that noble Lords have made in today’s debate so that we can continue to protect the economic and individual freedoms that make us stronger together.