The UK government may have spent £1 billion over the last five years to bolster the country's overall levels of cyber-security, but this investment has been essentially ineffective.
So says Alex Dewedney, Director Cyber Security and Resilience at CESG (part of GCHQ, which advises organisations on how to defend against threats), who told the RSA conference that, broadly speaking, the UK is failing to win the fight on cyber-security.
He said: "I think the best way to sum up the challenge we face is that, while we've done a lot over the past five years and spent quite a lot of money as a government, particularly in those years of austerity we've been through, the bottom line is it hasn't worked."
Apparently, the major problem is that GCHQ is concentrating on pushing information sharing and partnerships as the central pillar of its strategy. In other words, honing communication and making sure businesses are informed about the latest threats.
However, that alone simply isn't enough, because as Dewedney noted, nine out of 10 enterprises in this country were hit by a cyber-security breach last year – hardly a healthy picture.
Instead, he argues, the government needs to spend money on fixing legacy IT issues which stand as gaping holes ready to be exploited – these are basic measures going ignored, and they should be sorted before moving on to more sophisticated defensive measures.
Dewedney said that when he'd argued this line with his bosses, they flat out told him: "I'm not spending cyber-security programme money to subsidise other departments' IT budgets."
There are other major issues around cybercrime in the UK, as we've heard recently – including the fact that reported security breaches are the tip of the iceberg, with the majority going unreported. That is, of course, because the affected business fears the damage that will be done to its reputation.