Pioneering Cyber Security Document Helps Secure Human Rights Abroad
First ever government backed cyber security guidance provides advice on how to manage export risks
26 November, 2014: Today techUK, the leading voice for the UK technology industry, publishes ‘Assessing Cyber Security Export Risks’ in association with the Institute of Human Rights and Business (IHRB)1 and on behalf of the Cyber Growth Partnership.2
This is the first tech sector guidance of its kind in the world. It provides cyber security companies of all sizes with actionable advice, to help identify and manage the risks of exporting their products and services. It gives detailed background information and a framework to help companies develop their due diligence processes, manage human rights risks and identify national security risks. This reduces the likelihood of a buyer being able to use their technology to help perpetrate human rights abuses. It also reduces the likelihood of reputational damage to British companies.
Cyber security capabilities are used around the world to strengthen the integrity of critical national infrastructures, prevent the theft of corporate and personal data, and tackle fraud. Their export presents the UK with a significant economic opportunity. HM Government has recognised this and is working with industry through the Cyber Growth Partnership to help companies realise this growth, with the aim of increasing UK cyber security exports to £2bn by 2016.
Most often cyber security capabilities are used only to defend networks or disrupt criminal activity. However, some cyber products and services can enable surveillance and espionage or disrupt, deny and degrade online services. If used inappropriately, they may pose a risk to human rights, to UK national security and to the reputation and legal standing of the exporter.
Ruth Davis, Head of Cyber, Justice and Emergency Services, techUK said: “Cyber security technologies are crucial for us to enjoy the benefits brought by the internet but some also have the potential to be misused. We need to prevent them falling into the wrong hands, leading to human rights abuses or the undermining of UK national security. Businesses have a responsibility to protect human rights and uphold national security. The Cyber Growth Partnership has produced this guidance to help UK companies fulfil this responsibility as they work for growth overseas.”
She continued: “We want British companies to take the lead on protecting human rights and driving innovation in cyber security. The advice in this document is designed to help companies reduce reputational risk and to have confidence in the deals they make. We believe that ethical business practice is key; human rights and a vibrant British cyber sector are two sides of the same coin.”
The Guidance sets out a risk assessment process that helps companies to:
· Look at the capabilities of the product or service they want to export and how it could be used by purchasers
· Examine the places where they are exporting to including their political and legal frameworks, the state’s respect for human rights and potentially vulnerable people
· Assess who the end purchaser of the product is and how they intend to use it
· Evaluate potential business partners and re-sellers
· It also provides advice on how to mitigate and build risk management clauses into the contract
Ed Vaizey the Minister for Culture and Digital Industries and co-chair of the Cyber Growth Partnership said: “techUK’s guide is a valuable and accessible tool which will help British companies respond with confidence to opportunities in the global cyber security market. I am grateful to all those who have contributed and I am proud to endorse this guidance, the first of its kind in the world”.
Dibble Clark, Cyber Lead at 3SDL, a Malvern Cluster cyber security company commented: “Recent events have put the human rights responsibilities of cyber export companies in the spotlight and there is particular scrutiny on our sector, both from governments and NGOs. The responsibility to respect human rights is something no company can ignore, whether large or small. This guidance is a valuable tool in guiding companies to the most appropriate human right due diligence policies and processes. 3SDL welcomes this guidance and was delighted to be able to support it. We look forward to contributing to further discussion on the challenges and opportunities in respecting human rights in the future.”
Rt. Hon Baroness Anelay, Minister of State for Foreign and Commonwealth Affairs said: “I welcome this initiative by techUK in collaboration with the Institute for Human Rights and Business. The UK’s Action Plan ‘Good Business’ – to implement the UN Guiding Principles – represents the Government’s commitment that the promotion of business and respect for human rights should go hand in hand. This groundbreaking guidance will help cyber security businesses manage human rights risk by adopting effective due diligence policies and enable them to respect human rights wherever they operate.”
On behalf of the Cyber Growth Partnership techUK would like to thank BT, 3sdl and Lockheed Martin for their generous sponsorship of this Guidance and for their support in developing it.
techUK represents the companies and technologies that are defining today the world that we will live in tomorrow.
More than 850 companies are members of techUK. Collectively they employ more than 500,000 people, about half of all tech sector jobs in the UK. These companies range from leading FTSE 100 companies to new innovative start-ups. The majority of our members are small and medium sized businesses.
1About the Institute of Human Rights and Business
techUK would like to thank the Institute for Human Rights and Business (IHRB) for facilitating industry consultation and input into the human rights section of this guidance and for its central role in the drafting and review of the guidance. IHRB focuses on corporate responsibility to respect human rights and played no role in drafting the section that deals with national security risks in Chapter 4.
2 About The Cyber Growth Partnership
The Cyber Growth Partnership is a taskforce of members from government, industry and academia that works to help UK cyber security companies increase their access to overseas and domestic markets and to increase the talent pool available to them in the UK. It is co-chaired by the CEO of BT, Gavin Patterson, and the Minister of State for the Digital Industries, Ed Vaizey MP.