Burnham warned digital exclusion is now a national security risk

ISF chief Steve Durbin says the incoming Prime Minister must put cyber resilience, skills and access to technology at the heart of government or leave Britain exposed to hostile actors

Andy Burnham has been warned that digital exclusion has become a national security risk that must be confronted from his first day in Downing Street.

Steve Durbin, chief executive of the Information Security Forum (ISF), said the incoming Prime Minister must treat cyber resilience, digital skills and community access to technology as core national priorities, warning that hostile actors “will always go for the weakest link”.

Speaking on Business Matters, Durbin said cyber defence should be one of Burnham’s first priorities because modern warfare, public services and business resilience now depend on secure technology.

“Defence has to be up there,” he said. “So much of what we do now is based on the technology.”

Burnham, who enters Downing Street tomorrow after serving as mayor of Greater Manchester, has long championed community-level access to technology and public services. Durbin said that agenda now had to be seen through the lens of national security as well as social fairness.

Digital inclusion means giving people the skills and confidence to use phones, apps and online services safely, Durbin said.

“For a lot of people, digital inclusion means handing people a telephone, a smartphone, and saying, well, there you go,” he added.

“It isn’t just about access. It’s about the knowledge that you need to actually make use of the technology that you have access to.”

In an in-depth interview with Juliette Foster, Durbin said governments faced a major challenge as more public services moved online, citing HMRC’s drive to make tax digital as an example of a system that must be simple enough for ordinary people to use.

Asked whether digital exclusion made a country more vulnerable, Durbin said: “I do.”

He added: “We have to remember that hostile actors will always go for the weakest link. And so it isn’t just about bringing everyone up to the same level because that’s the thing to do. There is also a national security component in this as well.”

The warning comes as Burnham prepares to enter Number 10 during a period of political and economic uncertainty, with businesses asking how a change in leadership could affect cyber resilience, national security and investment.

Durbin said Ukraine had shown how quickly technology could reshape defence, particularly through drones and digital systems operated by ordinary people with transferable skills.

He said drone technology was “very akin to playing with a PlayStation”, opening up potential job routes for people who had grown up using similar controls and interfaces.

The same logic applied beyond conflict, he said, with digital tools and drone technology already embedded across wider industries.

Andy Burnham, left, with Mayor of West Yorkshire Tracy Brabin and Prime Minister Keir Starmer in Downing Street. Burnham has been warned that digital exclusion must be treated as a national security risk when he enters office. Credit: Simon Dawson / No 10 Downing Street / OGL 3


Durbin said the Department for Science, Innovation and Technology had done “some good things” by drawing on outside expertise and building stronger links between government and the private sector.

But he warned that too much official thinking still focused on technical cyber issues rather than the human weaknesses attackers exploit.

“That, for me, is like old school cyber,” he said. “We need now to be shifting to focus not just on that piece, but also on the people element, because that becomes the weakest link.”

He said cyber education should start in schools, with young people taught why digital systems matter and how to use them safely.

International alliances such as NATO, Five Eyes and GlobalEye also remained crucial to cyber resilience and hybrid warfare, Durbin said, but their value depended on trust.

“The amount of sharing that goes on across there has been outstanding over the years,” he said of Five Eyes. “But it has to be formed on this basis of trust.”

He warned that countries which failed to invest properly, share intelligence or make credible contributions could find themselves excluded from the highest levels of cooperation.

“If I can’t trust you, I’m not going to share at the level that we’re used to,” he said.

For businesses, Durbin said the political transition made planning harder, especially for smaller firms already affected by rising costs and policy changes.

He said companies should focus on what they can control, protect core assets and move towards scenario-based planning rather than relying on a stable political or economic environment.

“What we’re seeing is organisations moving much more to scenario-based planning,” he said. “Let’s take a few scenarios around this and let’s plan accordingly.”

Durbin said the UK’s recent political instability had forced businesses to become more agile, but warned that a poor business environment could drive companies and entrepreneurs overseas.

“The barrier to movement now has been significantly reduced,” he said. “You do run the risk of some of your smartest, brightest entrepreneurs and businesses leaving.”

He said cyber resilience should be treated as part of the country’s basic infrastructure, alongside gas, electricity and water.

There was even an argument for putting digital first, he said, because essential utilities are now dependent on technology.

“All of those other things that you just talked about and mentioned are enabled by technology,” he said.

Durbin said Britain’s cyber skills shortage could not be solved by focusing only on technical training or STEM subjects.

He said the sector needed people with curiosity, creativity and problem-solving skills, including those from arts backgrounds.

“The sorts of skills that you need could equally be well found with people with arts degrees,” he said.

He called for apprenticeships, internships and attractive skills programmes, with large organisations helping to train entry-level recruits while government creates a tax and business environment capable of drawing global talent into the UK.

Durbin also said cyber insurance was beginning to drive better business behaviour as insurers demanded higher standards, stronger policies and evidence that organisations could respond to attacks.

He said insurers were increasingly interested in simulation exercises that show whether companies can cope with a cyber incident.

“It’s long overdue,” he said. “I welcome it.”

Cyber due diligence also needed to become a more serious part of mergers and acquisitions, he said, warning that some buyers had acquired businesses only to discover digital and security problems later.

“We need to be digging into that in as much detail as we do the financials,” he said.

Durbin said cyber specialists should be involved earlier in acquisition processes so buyers have a clearer picture of the systems, data and risks they are taking on.

He said governments should avoid rushing to regulate this part of the market because legislation often lagged behind technology. Industry bodies, he said, were better placed to move quickly and reflect what was happening on the ground.

Asked whether a change of political leadership in the UK created an opportunity to reset cyber resilience, Durbin said the opening was clear but would depend on whether the next leader seized it.

“Clearly, there’s an opportunity,” he said. “Whether or not the next incumbent chooses to grab it with both hands, we’ll have to wait and see.”

He said he wanted to see more people in government with direct experience of cyber, technology and digital resilience.

“I would like to see a little bit more experience in government of people who do understand those things,” he said.

Watch the full interview with Steve Durbin, chief executive of the Information Security Forum, on Business Matters at 9.30am on Sunday, July 19, on Bloomberg TV, available on Sky 502, Sky Glass 505, Virgin 609 and Freesat 208.




VIEW MORE: Companies warned over sleeper-cell-type hackers inside their networks. ISF chief Steve Durbin says attackers are using business systems to gather intelligence that could later be used for espionage, disruption and reputational damage.

Do you have news to share or expertise to contribute? The European welcomes insights from business leaders and sector specialists. Get in touch with our editorial team to find out more.

TOP STORIES