Brexit has made the UK more vulnerable to cyber attacks, a tech minister has said.
Feryal Clark said Britain’s IT security has been behind the EU for years – and new laws to fill the gap are likely to take another two years to come into force. She said laws in the EU have been updated to combat growing threats since Brexit but that the UK has not been left “adequately protected”.
Speaking to the Mirror, the Minister for Cybersecurity recounted the dreadful delays caused by last year’s cyber attack on the NHS, which saw thousands of appointments and procedures cancelled. She compared it to her mother’s suffering after a hip replacement operation was cancelled and delayed for years during the pandemic.
“It meant she wasn’t able to use her leg… she developed other complications… it had such a knock on effect on her life. It was horrendous,” she said. Instead of being in hospital for three days for the procedure, her mum ended up being in hospital for “weeks and weeks”, she said.
Ms Clark continued: “When services are impacted by cyber attacks, when someone’s hip replacement, their knee replacement, any operations are delayed, the impact on their lives is huge. That’s where we need to make sure we are protecting our services from cyber attacks, whether that be state actors, or whether that be criminal actors, it’s really, really important.”
The minister said water, electricity and energy suppliers were among public services at risk too. “Whether it’s your water being cut off, whether it’s your energy, your lights turning off, or whether it’s being able to have that hip replacement that you’ve been waiting for for years, we as a government have a duty to make sure that we are protecting those services,” she said.
The government will on Tuesday publish the details of its Cyber Security and Resilience Bill, which will be laid in Parliament later this year. Ms Clark said she hopes the measures included in the bill will bring the UK “in line” with the EU.
Explaining that the UK was previously under EU cyber-security laws, which have been updated since Brexit, she said: “The EU updated their legislation in light of the cyber threats becoming increasing and becoming more prominent.
“But we were out of Europe so we weren’t adequately protected and that’s why when we came to the government, we were adamant about making sure that UK businesses are protected against cyber attacks. The EU has already brought forward the legislation – some of the measures – that we’re proposing. So we are hoping with these measures, we’ll be in line.”
BLUESKY: Follow our Mirror Politics account on Bluesky here. And follow our Mirror Politics team here – Lizzy Buchan, Mikey Smith, Kevin Maguire, Sophie Huskisson, Dave Burke and Ashley Cowburn.
POLITICS WHATSAPP: Be first to get the biggest bombshells and breaking news by joining our Politics WhatsApp group here. We also treat our community members to special offers, promotions, and adverts from us and our partners. If you want to leave our community, you can check out any time you like. If you’re curious, you can read our Privacy Notice.
NEWSLETTER: Or sign up here to the Mirror’s Politics newsletter for all the best exclusives and opinions straight to your inbox.
PODCAST: And listen to our exciting new political podcast The Division Bell, hosted by the Mirror and the Express every Thursday.
Ms Clark said some cyber requirements for businesses had been brought in since Brexit but many were voluntary. Labour’s bill will now put them on a statutory footing. But she admitted the legislation, which will be introduced to Parliament later this year, will take years to come into force. “We will start this year. By the time it gets Royal Assent it will be a couple of years,” she said. Under the new bill, Technology Secretary Peter Kyle will have powers to update the legislation to keep pace with emerging cyber threats, without having to go through the lengthy process again.
Cyber threats cost the UK economy almost £22billion a year between 2015 and 2019 and cause significant disruption to the British public and businesses. Last summer’s attack on Synnovis – a provider of pathology services to the NHS – cost an estimated £32.7million and saw thousands of missed appointments for patients.
In the year to September 2024, the National Cyber Security Centre managed 430 cyber incidents, with 89 of these being classed as nationally significant – a rate of almost two every week. Some 50% of British businesses suffered a cyber breach or attack in the last year, with more than 7 million incidents being reported in 2024, according to the most recent Cyber Security Breaches Survey.
The government’s new bill will boost protection of supply chains and critical national services, including IT service providers and suppliers. Some 1,000 service providers are expected to fall into the scope of the measures.
At Reach and across our entities we and our partners use information collected through cookies and other identifiers from your device to improve experience on our site, analyse how it is used and to show personalised advertising. You can opt out of the sale or sharing of your data, at any time clicking the “Do Not Sell or Share my Data” button at the bottom of the webpage. Please note that your preferences are browser specific. Use of our website and any of our services represents your acceptance of the use of cookies and consent to the practices described in our Privacy Notice and Cookie Notice.