Cyber Security and Resilience (Network and Information Systems) Bill
Debate between Ian Murray and Chris Vince(1 day, 10 hours ago)
Commons ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
The Minister for Digital Government and Data (Ian Murray)
I beg to move, That the Bill be now read a Second time.
A happy new year to you, Mr Speaker, and to all the House staff. This is the first opportunity I have had to say that to you.
On 3 June 2024, a busy Monday morning in south-east London, criminals attacked Synnovis, an organisation that processes blood tests on behalf of our national health service. They did not turn up physically, but logged on to computers thousands of miles away and set off ransomware—malicious software that encrypts files from afar, making them unusable. The attack had a ripple effect across London hospitals. It delayed 11,000 appointments, blood transfusions had to be suspended and the company lost tens of millions of pounds.
This was not an isolated case. In the year leading up to September 2025, the National Cyber Security Centre dealt with 204 “nationally significant” incidents, meaning that they seriously disrupted central Government or our critical public services. That is more than double the 89 incidents in 2024. No one disputes that we must do everything we can to protect the UK from these attacks. The UK is the most targeted country by cyber-attacks in Europe, and it was the fifth most targeted nation in 2024 by nation state-affiliated threat actors. In 2024, it is estimated that UK businesses experienced over 8.5 million cyber-crimes in the 12 months preceding the survey, and that in that year more than four in 10, or 43%, of UK businesses were subject to a cyber-attack, affecting more than 600,000 businesses in total.
Significantly, cyber-attacks are estimated to cost UK businesses almost £15 billion each year, equivalent to 0.5% of the UK’s annual GDP, notwithstanding the wider economic effects of intellectual property theft or the experience of patients, as in the first example. The average cost of a significant cyber-attack for an individual business in the United Kingdom is estimated to be just over £190,000. There has been a 200% increase in global cyber-attacks on rail systems in the past five years, increasing the likelihood of severe disruption to the economy and to people’s daily lives.
Chris Vince (Harlow) (Lab/Co-op)
Does the Minister agree that, as we become more and more reliant on IT systems—I am thinking in particular about the new patient registration system at the Princess Alexandra hospital in my constituency—it is more and more important that we combat potential cyber-attacks, particularly from foreign powers and enemies of this country? That is why the Bill is so crucial.
Ian Murray
I could not agree more. I gave the example of the Synnovis incident that brought blood transfusions in London to a halt, affecting thousands of patients. Our everyday lives are affected by this. As we modernise and digitise our economy and our Government, we have to ensure that our systems are as secure as possible, and cyber-security is right at the heart of that. This is not just a defensive issue; it is very much an economic growth issue as well, as we can see from the impact it has on our economy, our public services and the day-to-day lives of people, as in the example of our train systems that I just mentioned.
Ian Murray
This is about making sure that we extend the scope of the 2018 regulations into other parts of the economy, and I will come on to that later in my contribution. It is about reporting things more quickly to ensure that the attacks can be seen and action can be taken more quickly. It is also about reporting to the regulators to give the regulators confidence and powers across a wider scope of sectors in the economy, and to give businesses the confidence that those sectors have to report to the regulators when things are going wrong so that swifter action can be taken. We can see from the host of recent high-profile issues, including at Hackney council, that it is important to ensure that this legislation goes through quickly and does the job that it is intended to do.
Chris Vince
I thank the Minister for giving way; I apologise for intervening again. Is there a piece of work we need to do on culture? When businesses or the public sector are victims of cyber-crime, there is a danger that employees may feel embarrassed or nervous about reporting their concerns. We need to encourage people if they are victims of cyber-crime to come forward quicker and to recognise the challenges, rather than trying to hide them away and the issue becoming worse.
Ian Murray
While physical security and national security are issues for all of us, so is cyber-security. The Bill builds on the 2018 regulations to widen the scope into other areas of the economy where such issues have become much more prevalent—for example, data centres. I hope that doing so will give industries and sectors, including their employees, the confidence to report things to the regulators. Giving powers to the regulators will give businesses the confidence that they can report stuff; it is not a regulatory heavy hand dampening businesses. I hope that I can assure my hon. Friend and the rest of the House on that.
Before that significant number of interventions, I was talking about why this issue matters and gave statistics for recent cyber-security activity in the United Kingdom. As a result of all that, one of the very first things we did as a new Government after the election was announce this new cyber-security Bill, just 10 working days in. Since then, the Department has been talking to cyber experts, businesses and regulators to turn these proposals into the comprehensive, serious and proportionate piece of legislation that we present for Second Reading today—one that protects the public and strengthens national security without placing undue burdens on businesses. I appreciate that that is a fine balance, but I think that this Bill finds that balance, so I am confident that the whole House will support it.
Oral Answers to Questions
Debate between Ian Murray and Chris Vince(3 weeks ago)
Commons ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Chris Vince (Harlow) (Lab/Co-op)
Digital IDs have the potential to make life much easier for my constituents in Harlow. However, I have constituents who are concerned about data security. What reassurance can the Minister give them that their data will be safe with this new system?
Ian Murray
The data will be safe. It will be a fragmented system, and it will have the highest possible data security standards attached.
Oral Answers to Questions
Debate between Ian Murray and Chris Vince(10 months ago)
Commons ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Ian Murray
The Prime Minister is absolutely right when he says that the first responsibility of this Government is to protect our national security and keep our citizens safe. The last time that defence spending was at 2.5% of GDP was under the last Labour Government.
Scotland is a leader in the defence industry. Just this week, I had the pleasure of visiting JFD in Renfrew, which works with the Royal Navy to design, manufacture and operate world-class submarine rescue systems. From Babcock and BAE Systems to small businesses and start-ups, I am determined that Scotland leads the way in building our military industrial base.
Chris Vince
Given that the defence sector already supports more than 20,000 jobs in Scotland, as well as hundreds in Harlow, does the Secretary of State agree that the Government’s commitment to increase defence spending will also help to grow Scotland’s economy and create more skilled jobs?
Ian Murray
For years the defence sector in Scotland has been at the forefront of creating skilled, well-paid jobs, despite the SNP’s refusal to stand up and back UK defence. This week is Scottish Apprenticeship Week, and I hope that those on both sides of the House—particularly Members from Scotland—will join me in paying tribute to Scotland’s wonderful defence sector apprentices, who do a great job at not just keeping our country safe, but helping our economies grow and building the skills base of Scotland’s future.