Cyber-intelligence staff among nearly 2,000 BAE Systems redundancies

16 October 2017 Consultancy.uk

The world’s tenth largest cyber-security consultants have axed 1,900 jobs in the UK, including over 100 in its cyber defence department. The vast bulk of the wide-spread redundancies will come from BAE Systems’ traditional military and defence line, as new CEO Charles Woodburn continues to push the professional services firm toward a streamlined approach and a renewed focus on digital technologies.

Over the course of 2016, British multinational defence, security, and aerospace company BAE Systems saw revenue in security consulting hit 14.2% to $290 million. The group, headquartered in London, was found to be the world’s tenth largest security and cyber-security consulting firm, while appearing to be successfully diversifying into the sector to add to its more traditional portfolio, which includes a number of state and private sector solutions. Despite this success, however, the new Chief Executive of Britain’s biggest defence contractor has announced plans for more than 1,900 redundancies in the UK.

Experts had anticipated that Charles Woodburn, who took the reins at BAE three months ago, would attempt to make expenditure reductions by scaling back on employment. However, the job cuts are double what most had expected. The organisational changes were said to be targeted at delivering the company a more competitive edge, empowering it to renew its focus on technological innovation – a market of growing global significance across all industries – by ‘streamlining’ the organisation via the shaving away of whole layers of management. The job losses will be phased over the coming three year period, and will equate to almost 6% of BAE's 34,600 British workforce.

Cyber-intelligence staff among nearly 2,000 BAE Systems redundancies

This new direction is partially motivated by slowing international demand for BAE Systems’ traditional military engineering services. The firm had been hoping for a large Typhoon deal with Saudi Arabia - which ordered 72 of the aircraft 10 years ago. The aircraft cost approximately £4.43 billion, and the full weapons system is expected to cost approximately £10 billion – however in 2010, BAE Systems pleaded guilty to a United States court, to charges of false accounting and making misleading statements in connection with sales to the Saudi regime. Since then, the Typhoon deal has so far failed to materialise, while smaller existing contracts with other Gulf nations are not enough to keep up full production. Subsequently, the largest cuts will hit BAE's factories in Lancashire - where up to 750 jobs will go. Manufacturing in the North-West of England has been haemorrhaging jobs in recent years, seeing 77,000 jobs leave the region since 2006, and the latest news from BAE will further compound that decline.

Following the restructure, which also strips out levels of regional management, the company appears to be moving towards a greater focus on technological innovation. Alongside the redundancies, Woodburn announced the appointment of a Chief Technology Officer to the Board, with former Head of UK Programmes Nigel Whitehead being promoted to the new position. Conflictingly, however, the job cuts also include a number of roles disappearing from BAE systems' cyber-intelligence operations.

“Short-sighted”

With cyber-security at the forefront of business and governmental anxiety, thanks to high-profile attacks on the National Health Service in the UK, and the National Security Association in America – one of the world’s most controversial and powerful state surveillance operations, the segment looks to be a high priority for investment over coming years. Meanwhile, with the world’s biggest cyber-security consultancy Deloitte having been the victim of a hack themselves, the situation seems ripe for competitors such as BAE to siphon off business from the Big Four member. Regardless of this opportunity, the Applied Intelligence unit, which helps companies and governments fight cyber-warfare, will downsize by 150 personnel.

Britain’s largest trade union, Unite, which represents a portion of the BAE workforce, meanwhile pledged to fight what it called a “devastatingly short-sighted” move, while refusing to rule out potential industrial action. Mr Woodburn said BAE would be working “very closely” with the unions over a coming 30-day consultation period, adding, “We believe a good proportion of jobs will be voluntary redundancy.”

GMB, another large general union, meanwhile called for state intervention, with Ross Murdoch, a GMB National Officer, stating, “Given the ever increasing likelihood of no deal on Brexit, GMB calls on the Government to reverse this decision and prioritise this work.”

MPs in Parliament also joined calls for the Government to step in, and prevent job losses, but Business Minister Claire Perry told the House of Commons, "it would be wrong for the Government to interfere in the company's restructuring.”

More news on

×

Boards of top UK firms must do more on cyber-awareness

06 March 2019 Consultancy.uk

A new report released by the UK Government has found that UK businesses need to do more to build awareness in their firms, if they are to fend off cyber-attackers. The study found that an all-time high of 72% of businesses now see cyber-threats as a top risk, but just less than half of UK boards do not have a comprehensive understanding of the critical assets at risk from cyber-attacks.

Digital technology has revolutionised modern business, with a rate of innovation present in many companies that arguably eclipses that of the industrial revolution. The huge opportunities presented by technology mean that many firms have rushed to digitalise their offerings; but while this means they are able to take advantage  of the latest trends, it has also opened innumerable doors for cyber-criminals looking to use technology to loot corporations from across the globe.

Illustrating the extent to which cyber-crime has boomed in the last decade, in the final quarter of 2018, a study commissioned by Bromium and presented by Dr. Michael McGuire at RSA found that the cyber-crime economy has grown to an estimated $1.5 trillion dollars annually. That is only a conservative estimate – but that conservative figure alone is so large that if it constituted a national GDP, instead of a collection of digital frauds, it would be the world’s 13th largest economy.

Amid this state of play, it is easy to see why cyber-security has become one of the key watchwords of any board room in the 21st century. The cyber-security consulting segment has boomed, with the world’s 10 largest operators in the segment bringing in more than $11 billion in related fees, as businesses tap external expertise to help find areas where they can improve their defences. As noted by a new UK Government report, the legacy of this spike in consulting activity is that almost all UK businesses now have a cyber-security strategy, with only 4% admitting otherwise. 

Cyber threats are increasingly seen as high risk in comparison to other risks that businesses face

This comes at the end of a sea-change in attitudes toward cyber-security over the last five years. According to the 2018 FTSE 350 Cyber Governance Health Check, in 2013, the largest minority of businesses felt cyber-threats represented a low operational risk, at 38%, compared to just 25% who saw it as a very high group risk. Now, the two opinions have seen a dramatic reversal, with only 6% seeing cyber-security as a low threat, compared to a huge 72% of businesses which see it as a very high risk. Considering the high profile hacks that occurred in the interim, this is perhaps not that surprising.

However, while cyber-awareness in general is at an all-time high, this is where the positive news ends. According to the study, while the vast majority of firms in the UK have a cyber-security plan in place, only 46% have a dedicated budget to enact that strategy. Should their financial positions change rapidly in the near future – something increasingly likely with the prospect of a No Deal Brexit still looming over the horizon – then that plan could fall by the wayside, with the funding shortfall exposing firms to even greater financial damage in the near future.

The study, released by the Department for Digital, Culture, Media & Sport (DCMS) in March 2019, was undertaken in partnership with Winning Moves and support from EY, KPMGPwC and Deloitte, working with their FTSE 350 clients to participate in the survey. The study also found that while most businesses have incident response plans, most are not testing them: 95% of FTSE 350 businesses have an incident response, but a mere 57% test their crisis incident response plans regularly. With companies facing the consistently evolving threat of cyber-attacks, that could leave major chinks in their armour undiscovered until it is too late.

Board understanding of business-critical assets

Similarly, many firms also seem oblivious to the threat posed by their wider supply chains, which if left unchecked, provide hackers with a blank cheque to access company data. A majority of boards do not recognise supply chain risks beyond the first tier, as 77% of FTSE 350 businesses told researchers they did not recognise the risks associated with businesses in the supply chain with whom they have no direct contact.

Meanwhile, almost half of UK boards do not understand the critical assets at risk from cyber-attacks. 54% of businesses in 2018 rated the board’s understanding of critical information, data assets and systems as comprehensive, while of that, only 12% said understanding was the best it could be. This compares to 43% of boards in 2017 and 32% in 2015/16 stating they had a clear understanding, suggesting that key progress is being made, but also that there is a great deal of room for improvement.

Commenting on the findings, Digital Minister Margot James said, “We know that companies are well aware of the risks, but more needs to be done by boards to make sure that they don’t fall victim to a cyber-attack. This report shows that we still have a long way to go but I am also encouraged to see that some improvements are being made. Cyber-security should never be an add-on for businesses and I would urge all executives to work with the National Cyber Security Centre and take up the government’s advice and training that’s available.”