David Chadwick (Brecon, Radnor and Cwm Tawe) (LD)

- View Speech - Hansard -

Copy Link

-

Cyber-attacks are a growing menace for British businesses. They cause chaos for all types of businesses and organisations, both small and large. The consequences of those attacks have hit our economy hard. The disruption caused by the cyber-attacks on Jaguar Land Rover, M&S and the Co-op were felt by many businesses further down their supply chains; for instance, the disruption that hit JLR resulted in a freeze for its steel supply chain, much of it in Wales.

So much of our economy relies on well-functioning digital platforms. Last year, many Lloyds bank customers found themselves unable to access money or pay their bills due to app outages, with that problem compounded by its decision to close high street branches. Yet, bizarrely, Lloyds decided still to pay its chief executive officer Charlie Nunn £5 million in 2024. I make that point to illustrate the lack of accountability we see in positions at the top of these organisations despite massive numbers of people being reliant on those services.

A successful cyber-attack often ends in people having their personal data stolen. That is why it is welcome that the Bill highlights sensible requirements to ensure that businesses properly consider supply-chain risks and their usage of managed service providers, as well as many others. On the other hand, it will be a mystery to many why sectors such as finance, food and drink and retail have not been included, particularly considering how those sectors have been hit hard recently.

The Government would clearly like to achieve security. To do that, it would help if the Bill could be improved to provide greater certainty and clarity for businesses. For instance, how are businesses supposed to manage relationships with managed service providers? For five years, I worked in the cyber-security industry, starting with the introduction of the GDPR, which happened at the same time as the original NIS directive. I found that the cyber-security sector is a well-connected community underpinned by a welcome commitment to sharing knowledge and best practice. For instance, Cyber Wales is a representative body that brings together the Welsh cyber-community. It is an industry that requires input from academia, law enforcement agencies, defence and businesses. There are clusters of success across Wales, including in my constituency. Partnerships built in academia often create spin-off companies that generate jobs. For instance, in Wales, the University of South Wales and Swansea University have done a lot to build up our local cyber-security ecosystem. As the Bill progresses, the Government would be wise to continue to consult regularly with this very engaged community.

It would be helpful to hear what sort of consultations, and how many, have taken place so far. It would also be helpful to hear the Government respond to the Information Systems Audit and Control Association’s proposals, particularly around giving regulators the power to suggest mandatory penetration testing.

The growing cyber-security sector should be a route for much needed economic growth and well-paid jobs in Wales. Many such jobs can be done remotely from anywhere with an internet connection. Recent research from Infosecurity suggests that there are 17,000 vacancies in the cyber-security industry right now, with that figure growing at 10% to 12% a year. That is a huge opportunity for a country like Wales.

Having an effective skills base is one way in which we can guard ourselves against cyber-attacks. Keeping Britain safe from cyber-attacks requires a trained workforce who can marry technical expertise with regulatory competence. I have seen in my professional experience how many people from many other sectors were able to retrain and upskill to work in cyber-security. People with experience in project management or managing processes are very capable of retraining to work in the cyber-security industry. Special thought should be paid to military veterans in particular, who are well suited to those jobs.

One of the questions for the Government should be about how to help more British people into those jobs while ensuring that our education system is equipped to help children pick the sector. That is why I call on the Government to ensure that funding is available for all schools in Wales to take part in the highly successful CyberFirst Wales scheme.