Manifesto analysis summary: UK pre-election focus on security issues
- Based on manifesto analysis, the Conservative and Labour parties' focus on security, defence, and crime has risen by around 50% since the last election.
- Across all the parties' manifestos, talk of AI has increased almost five-fold since the last General Election (from a very low baseline in 2019).
- Talk of cyber in manifestos is low, but a review of last Parliament's activity shows MPs are focused on cyber issues (if not during the election campaign):
- "Cyber" was mentioned almost eight times per sitting day on average across the Parliament.
- Debates dedicated to specific cyber issues took place on average every 30 days.
- Around two-thirds of parliamentarians mentioned "cyber" at least once.
- At least six major parliamentary committee inquiries were undertaken on cyber issues.
With the UK off to the polls on Thursday 4 July, businesses grappling with the complexities of global cyber laws and regulations must understand how these are likely to evolve under a new or re-elected UK government. It will be imperative to determine where new policies could unlock opportunities for innovation and investment.
To help, we've examined the manifestos of the nationally significant UK political parties contesting the 2024 General Election to understand what they might mean in practice.
Nb. This analysis covers all nationally significant UK political parties who have published their manifesto as of Monday 24 June 2024.
Cyber security – not an election issue?
As of 24 June, just ten mentions of the word "cyber" were made across the nine manifestos. Compared to the 2019 election manifestos, this represents an overall decline of 37%.
A lack of explicit focus on cyber security is not wholly surprising. Our recent Digital Dawn report found that cyber security has evolved into a broadly apolitical issue and – as former UK Digital Minister Matt Warman put it – "not a vote winner per se". Harley Geiger from the US Hacking Policy Council summarised it as follows:
"Politicians face many different crises. We, in the cyber security profession, can sometimes forget that there are things that matter to people outside of cyber security, including very real problems in areas like healthcare, housing, or the environment. All of these issues are in play during an election year and, in some cases, take less expertise for voters to really understand. They therefore inevitably take priority."
In practice, it means – rightly or wrongly – that cyber security is not a prominent pre-election issue (for example, see the response to the ransomware attack against Synnovis).
But what does this mean for the next Government? Will the new UK Parliament ignore cyber security altogether?
The short answer is no.
Despite only a total of ten mentions of the word "cyber" across the 2019 manifestos, our analysis of the previous Parliament's activity indicates that cyber security is very much an issue of increasing national importance and warrants scrutiny by our lawmakers. During the last Parliament, between 17 December 2019 and 30 May 2024:
• The term "cyber" was mentioned almost eight times per sitting day on average across the Parliament.
• Debates dedicated to specific cyber issues, from the implications of individual cyber attacks, to the Government's cyber resilience efforts on the whole, took place on average every 30 days.
• Over 400 MPs, or around two-thirds of parliamentarians mentioned "cyber" at least once.
• At least six major parliamentary committee inquiries were undertaken where "cyber" was included in the terms of reference.
So, while cyber security is not front and centre of the parties' election manifestos (not least because it is not seen as a vote-winning issue in the traditional sense), we should remember the UK Parliament has a strong (recent) history of holding the Government to account on its approach to cyber security.
The manifestos also contain two broader themes—corroborated by what we heard at the Party Conferences last year—that are likely to have significant implications for how the next Government approaches cyber security: a focus on national security and the evolving rules of the road for emerging technologies.
Making citizens feel safe in a volatile world
The world has changed considerably since the 2019 General Election.
The last four and a half years have seen a global pandemic, the war in Ukraine, and technological advancements driving geopolitical tensions. Consequently, it is perhaps unsurprising that the UK political parties' focus on security, defence, and crime issues has risen. In particular, across the Conservative and Labour Party manifestos, mentions of security, defence, and crime (as a percentage of the overall word count) have risen by nearly half.
Notable policy commitments include the Conservative Party's National Defence and Resilience Plan and the Labour Party's Strategic Defence Review, audit of the UK-China relationship, and "security sprint" review. The latter policy – announced by Shadow Home Secretary Yvette Cooper in the last few weeks – would see a Labour Government review the most pressing national security threats to the UK and identify gaps in its response within its first 100 days in office.
With NCC Group insights showing that the UK is the second most targeted nation by ransomware attacks outside of the US, and GCHQ Head Anne Keast-Butler just last month warning that ransomware "continues to be the most acute and pervasive cyber threat" for UK organisations, it is clear that cyber threats must be front and centre of any such review.
As highlighted in our Digital Dawn report, public opinion polling consistently shows that citizens are worried about cyber security and want their governments to keep them safe in cyberspace. There is a clear imperative for the Government and politicians to take action and ensure that national digital resilience is a core pillar of their approach to defence and security.
It is therefore heartening to see that where cyber security is talked about in the manifestos, it is generally in this context – with the Conservatives pointing to their track record of having "toughened our cyber defences […] to protect the nation", Labour and the DUP warning of "cyber-attacks and misinformation campaigns [seeking] to subvert our democracy" and cyber threats from nation states respectively, and the Liberal Democrats and the SNP keen to work across borders to tackle cybercrime.
Artificial Intelligence remains in vogue, but expect regulation evolution, not revolution
Across the parties' manifestos, talk of AI has increased almost five-fold since the last General Election (though, admittedly, from a very low baseline in 2019). Most parties are eager to harness the power of AI to drive efficiencies and improve the effectiveness of public services, whether it's using "AI to free up doctors' and nurses' time" for the Conservative Party or harnessing technology to enable police to "stop wasting time on paperwork" for the Reform Party.
There is also broad consensus that AI must be deployed safely and responsibly, building on the work of the UK's AI Safety Institute and cementing the UK's global leadership position on its ethical use. The Labour Party, for example, would put the Institute on a statutory footing and introduce "binding regulation on the handful of companies developing the most powerful AI models."
Regulating the responsible use of emerging technologies is a theme that extends to other areas, too.
Both the Green Party and the Liberal Democrats propose to introduce a Digital Bill of Rights, while the Reform Party has called for a British Bill of Rights that protects our data and privacy. On the other hand, Labour has committed to building on the Online Safety Act, "bringing forward provisions as quickly as possible, and exploring further measures to keep everyone safe online."
It is clear that no matter its shape, we can expect the next Government to continue – or potentially even accelerate – the previous Government's drive toward regulating emerging technologies to ensure their safe, secure, and responsible use.
The next Government must not lose sight of the bigger picture
With the Ministry of Defence and the Home Office responding to a third of all parliamentary questions related to cyber in the last Parliament, it is evident that cyber security (in parliamentary terms) is viewed through a defence and national security lens.
That said, a wider review of the top responders to such questions (see graph above) also brings to life the UK National Cyber Strategy's whole-of-society approach. The Cabinet Office (responsible for national resilience), the Department for Science, Innovation and Technology (responsible for the cyber ecosystem and technology), and the Foreign, Commonwealth and Development Office (responsible for global leadership) collectively account for over a third of responses, too— demonstrating the multifaceted perspective required to review and treat cyber issues.
In these uncertain times, it is understandable to correlate cyber with national defence and security. But, cyber security is not just a security issue. Nor is it just part of technology regulation. It is fundamental to building a digitally resilient nation where public services are trusted and industrial and economic strategies can be effectively delivered because the right foundations are in place.
With a strong, growing cyber industry, academic prowess, and excellent institutions like the National Cyber Security Centre, the UK has the opportunity to lead the world when it comes to securing cyberspace.
The next Government must be ambitious, establish clear ministerial leadership, and promote a whole-of-society approach to cyber security from the outset.
UK Government Affairs & Global Institutions Engagement Lead, NCC Group
Verona is an experienced government affairs and policy professional currently leading UK public affairs for FTSE250 global cyber security firm NCC Group. In this role, she oversees NCC Group’s engagement with UK government and regulatory decision-makers and the wider policymaking community against a backdrop of the increasing regulation of cyber resilience.
Prior to joining NCC Group, she has overseen in-house and consultancy public affairs programmes for a range of organisations – from FTSE100 and public sector institutions to start-ups and disruptors across many sectors of the economy, including aviation, logistics, and utilities.
Learn what this could look like in practice.
Get up to date on cyber security developments in governments around the world. Read and save a copy of NCC Group's latest contribution to the global cyber policy debate – Digital Dawn: Cyber Security Policy in the Wake of Political Change.