Even though Sir Keir Starmer's Labour Party won a landslide victory in the 2024 UK general election, the British public is still exposed to a wide range of attacks in cyberspace. Recent history shows this: government assets, healthcare providers and private companies have all fallen victim to financially driven cybercriminal gangs.
With Starmer's term now officially underway, it is worth noting that the Labour Party's manifesto acknowledged the threat that cyberattacks pose to UK infrastructure. This is likely because the UK is the world's sixth-largest economy in terms of nominal gross domestic product (GDP), making it an attractive target for criminal gangs. In addition, UK businesses have very data-rich environments, including personal, financial and corporate information, which cybercriminals are likely to see as lucrative to steal for identity theft, financial fraud or industrial espionage.
Starmer will likely want to use his experience as a prosecutor to tackle financially motivated cybercrime. With history showing that the UK is at increased risk of devastating ransomware attacks, the government's cyber policy should strongly aim to ensure that UK businesses are accountable for improving their cyber incident preparedness frameworks. This could be achieved through legislative reform to ensure cybersecurity challenges are addressed, while prioritising proactive strategies such as multi-factor authentication (MFA) methods to combat ubiquitous phishing. One could imagine that Starmer's wish list in this regard should revolve around public sector assets, particularly critical national infrastructure (CNI), as the historical defence strategies relied on to protect these systems are increasingly unable to deal with the ever-evolving level of complexity of the cyber threat landscape.
Speaking of legislation, ahead of the announcement of the date of the UK general election on May 22, a joint committee made up of members of the House of Commons and the House of Lords warned that ransomware actors could target the election as well as high-profile individuals, including political candidates, to obtain confidential data and exploit it through extortion. The proposal should also outline a comprehensive reform that would require all ransomware victims in the UK to report incidents to the government and prohibit all critical sector organisations from paying ransoms.
However, shortly after the election on 22 May, the UK government and civil service entered the pre-election period known as Purdah under national legislation, during which ministers and their departments were not allowed to make any public announcements that could directly impact the election campaign. Among the proposals affected was a planned public consultation on reforming the government's approach to the ransomware crisis, which can be revisited now that the election is over. This should be a priority for Downing Street, as ransomware actors are likely to exploit this timeframe to launch attacks, as there is still an incentive for hackers to target victims for financial gain and payments are still possible.
Starmer is also almost certainly aware that the UK is becoming a prime target of state-sponsored cyberattacks, with government departments, defence contractors and critical sectors most at risk. These trends are likely to be driven by the UK's advanced technology and critical infrastructure systems, which provide ample opportunity for state hackers to disrupt services, intercept sensitive data and compromise target assets. Moreover, as a major player on the world stage, the UK's political influence and interference in international affairs almost certainly provides state attackers with the opportunity to use cyberwarfare to obtain sensitive government data, disrupt diplomatic relations and undermine the fabric of UK democracy.
Given recent information that the UK is the target of a wave of Chinese state-backed cyber interference targeting British voters and senior MPs, Starmer is likely to push for a cyber policy to be developed as part of his Labour manifesto, outlining the need for a long-term and strategic approach to shaping relations with Beijing.
Craig Watt is a threat intelligence advisor at Edinburgh-based MSSP Quorum Cyber. This is his first think tank contribution.