UK Biobank Data
Debate between Chris Vince and Ian Murray(1 week, 6 days ago)
Commons ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Ian Murray
Yes, I can give that assurance. This Government are giving UK Biobank all the support that it requires to resolve the immediate issue and in the short term to get the system back up and running in as secure a way as possible. Let me echo that participants in UK Biobank have done a great service to the people of this country and around the world. We owe it to them to be transparent and secure, and to ensure that their data is not only safe but advancing UK and worldwide medical research for the benefit of everyone.
Chris Vince (Harlow) (Lab/Co-op)
I will not mention Harlow Town, I promise. [Laughter.]
May I thank the Minister for his statement? I agree with others that UK Biobank is an excellent resource, and I have no doubt that its research has made a huge difference to the health of my constituents. Although this issue is not specifically a cyber-security breach, as he correctly said, will he join me in welcoming the Government’s Cyber Security and Resilience (Network and Information Systems) Bill? Along with the hon. and gallant Member for Spelthorne (Lincoln Jopp), I had the pleasure of serving on the Bill Committee. Will the Minister add to the work that this Government are doing to ensure that our data across all industries, including the charity sector and Government, is safe under this Government?
Ian Murray
In a previous question, my hon. Friend said that Harlow Town were the Man City of non-league football. May I simply suggest that he is the Man City of speaking in this Chamber in terms of the quality and regularity of his contributions? That may be challenged by the hon. Member for Strangford (Jim Shannon)—let us look at the data.
I echo what my hon. Friend said in his question, because it is really important for us to impress on the public that data is secure and safe. This Government take that incredibly seriously, not just in the legislation being passed, which he has been a part of, but in the cyber-security tools available for free from this Government to businesses, organisations and institutions right across the country. We wrote to those organisations last week to inform them that those tools were available, and I continue to echo to all businesses, institutions and organisations that they should get involved in ensuring that they are as cyber-secure as possible. We are only as secure as the weakest, and we all have to be as secure as we possibly can be.
Cyber Security and Resilience (Network and Information Systems) Bill
Debate between Chris Vince and Ian MurrayTuesday 6th January 2026
(4 months ago)
Commons ChamberRead Full debate Cyber Security and Resilience (Network and Information Systems) Bill 2024-26 View all Cyber Security and Resilience (Network and Information Systems) Bill 2024-26 Debates Read Hansard Text Read Debate Ministerial Extracts
The Minister for Digital Government and Data (Ian Murray)
I beg to move, That the Bill be now read a Second time.
A happy new year to you, Mr Speaker, and to all the House staff. This is the first opportunity I have had to say that to you.
On 3 June 2024, a busy Monday morning in south-east London, criminals attacked Synnovis, an organisation that processes blood tests on behalf of our national health service. They did not turn up physically, but logged on to computers thousands of miles away and set off ransomware—malicious software that encrypts files from afar, making them unusable. The attack had a ripple effect across London hospitals. It delayed 11,000 appointments, blood transfusions had to be suspended and the company lost tens of millions of pounds.
This was not an isolated case. In the year leading up to September 2025, the National Cyber Security Centre dealt with 204 “nationally significant” incidents, meaning that they seriously disrupted central Government or our critical public services. That is more than double the 89 incidents in 2024. No one disputes that we must do everything we can to protect the UK from these attacks. The UK is the most targeted country by cyber-attacks in Europe, and it was the fifth most targeted nation in 2024 by nation state-affiliated threat actors. In 2024, it is estimated that UK businesses experienced over 8.5 million cyber-crimes in the 12 months preceding the survey, and that in that year more than four in 10, or 43%, of UK businesses were subject to a cyber-attack, affecting more than 600,000 businesses in total.
Significantly, cyber-attacks are estimated to cost UK businesses almost £15 billion each year, equivalent to 0.5% of the UK’s annual GDP, notwithstanding the wider economic effects of intellectual property theft or the experience of patients, as in the first example. The average cost of a significant cyber-attack for an individual business in the United Kingdom is estimated to be just over £190,000. There has been a 200% increase in global cyber-attacks on rail systems in the past five years, increasing the likelihood of severe disruption to the economy and to people’s daily lives.
Chris Vince (Harlow) (Lab/Co-op)
Does the Minister agree that, as we become more and more reliant on IT systems—I am thinking in particular about the new patient registration system at the Princess Alexandra hospital in my constituency—it is more and more important that we combat potential cyber-attacks, particularly from foreign powers and enemies of this country? That is why the Bill is so crucial.
Ian Murray
I could not agree more. I gave the example of the Synnovis incident that brought blood transfusions in London to a halt, affecting thousands of patients. Our everyday lives are affected by this. As we modernise and digitise our economy and our Government, we have to ensure that our systems are as secure as possible, and cyber-security is right at the heart of that. This is not just a defensive issue; it is very much an economic growth issue as well, as we can see from the impact it has on our economy, our public services and the day-to-day lives of people, as in the example of our train systems that I just mentioned.
Ian Murray
This is about making sure that we extend the scope of the 2018 regulations into other parts of the economy, and I will come on to that later in my contribution. It is about reporting things more quickly to ensure that the attacks can be seen and action can be taken more quickly. It is also about reporting to the regulators to give the regulators confidence and powers across a wider scope of sectors in the economy, and to give businesses the confidence that those sectors have to report to the regulators when things are going wrong so that swifter action can be taken. We can see from the host of recent high-profile issues, including at Hackney council, that it is important to ensure that this legislation goes through quickly and does the job that it is intended to do.
Chris Vince
I thank the Minister for giving way; I apologise for intervening again. Is there a piece of work we need to do on culture? When businesses or the public sector are victims of cyber-crime, there is a danger that employees may feel embarrassed or nervous about reporting their concerns. We need to encourage people if they are victims of cyber-crime to come forward quicker and to recognise the challenges, rather than trying to hide them away and the issue becoming worse.
Ian Murray
While physical security and national security are issues for all of us, so is cyber-security. The Bill builds on the 2018 regulations to widen the scope into other areas of the economy where such issues have become much more prevalent—for example, data centres. I hope that doing so will give industries and sectors, including their employees, the confidence to report things to the regulators. Giving powers to the regulators will give businesses the confidence that they can report stuff; it is not a regulatory heavy hand dampening businesses. I hope that I can assure my hon. Friend and the rest of the House on that.
Before that significant number of interventions, I was talking about why this issue matters and gave statistics for recent cyber-security activity in the United Kingdom. As a result of all that, one of the very first things we did as a new Government after the election was announce this new cyber-security Bill, just 10 working days in. Since then, the Department has been talking to cyber experts, businesses and regulators to turn these proposals into the comprehensive, serious and proportionate piece of legislation that we present for Second Reading today—one that protects the public and strengthens national security without placing undue burdens on businesses. I appreciate that that is a fine balance, but I think that this Bill finds that balance, so I am confident that the whole House will support it.
Oral Answers to Questions
Debate between Chris Vince and Ian Murray(4 months, 2 weeks ago)
Commons ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Chris Vince (Harlow) (Lab/Co-op)
Digital IDs have the potential to make life much easier for my constituents in Harlow. However, I have constituents who are concerned about data security. What reassurance can the Minister give them that their data will be safe with this new system?
Ian Murray
The data will be safe. It will be a fragmented system, and it will have the highest possible data security standards attached.
Oral Answers to Questions
Debate between Chris Vince and Ian Murray(1 year, 2 months ago)
Commons ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Ian Murray
The Prime Minister is absolutely right when he says that the first responsibility of this Government is to protect our national security and keep our citizens safe. The last time that defence spending was at 2.5% of GDP was under the last Labour Government.
Scotland is a leader in the defence industry. Just this week, I had the pleasure of visiting JFD in Renfrew, which works with the Royal Navy to design, manufacture and operate world-class submarine rescue systems. From Babcock and BAE Systems to small businesses and start-ups, I am determined that Scotland leads the way in building our military industrial base.
Chris Vince
Given that the defence sector already supports more than 20,000 jobs in Scotland, as well as hundreds in Harlow, does the Secretary of State agree that the Government’s commitment to increase defence spending will also help to grow Scotland’s economy and create more skilled jobs?
Ian Murray
For years the defence sector in Scotland has been at the forefront of creating skilled, well-paid jobs, despite the SNP’s refusal to stand up and back UK defence. This week is Scottish Apprenticeship Week, and I hope that those on both sides of the House—particularly Members from Scotland—will join me in paying tribute to Scotland’s wonderful defence sector apprentices, who do a great job at not just keeping our country safe, but helping our economies grow and building the skills base of Scotland’s future.