Welcome to today’s session of the Business and Trade Select Committee and the Sub-Committee on Economic Security. This is the first of our hearings in our baseline inquiry on economic security perils facing the UK. Thank you so much to our witnesses for joining us to help us think this through. Sir Simon Fraser, perhaps I could begin with you. You have worked in the public sector and now in the private sector. Could you give us a sense of how you think boards today think about economic security questions when they are taking investment decisions?

Boards and indeed businesses, including the executive leaderships of businesses, are increasingly conscious of how economic factors play into considerations of security, security policy and national security. They are much more alert than even until quite recently of geopolitical risk and how that is increasing and creating new areas of consideration for Governments in relation to economic security. The other big factor that has changed their attitudes recently is, frankly, technological change and the way that that is creating new forms of economic risk and economic security risk. They are very conscious of those things and increasingly aware of the need to factor that into business decision making, investment decision making and other areas. They are taking steps to achieve that. Sometimes there is a lack of clarity about what the issues that they are addressing are and how they understand them; no doubt we will come on to this. There are areas in which they feel that the interaction with Government needs greater transparency, clarity and simplicity in order to help them make those decisions and respond effectively in a way that helps Government, but also protects their commercial interests.

What are boards worried about, in your experience, when they get on to this topic on the board agenda? What are they trying to figure out?

They are worried about making decisions that get them on the wrong side of the law or Government positioning. Clearly, that is a matter of concern. It goes back to my point about transparency and clarity. They are worried about navigating potentially different rules in different jurisdictions if they are multinational businesses, and that is a considerable concern. You can see that, for example, emerging in relation to America, as opposed to Europe, in relation to China policy and so forth. They are worried about those complexities. They are worried about protecting their staff and the people working for them in those contexts. They are worried about not getting stranded high and dry, for example, by changes in the economic security context that lead to their supply chains or other things that are necessary for the conduct of their business no longer being available to them.

They are presumably now facing a world that is far less predictable.

Yes, the geopolitical context is less predictable. It is moving very quickly. They have to think about a range of different decisions being made in different places. As I say, they have the speed of the emergence of new types of threat that they are trying to keep up with, which you can predict to some extent but you cannot always predict. Yes, it is less predictable, faster moving and more uncertain, and they have to invest more time, effort and money in being able to respond to it.

Helen, what is your experience of what boards are worried about? You have looked at this from a Rolls-Royce perspective and now from a Global Counsel position.

To explain my background, before I joined Global Counsel, I was the director of Government relations at Rolls-Royce Power Systems group. Before that, I worked for other FTSE 100 and CAC 40 companies, so I have worked in this political risk space for some time. To add to what Simon said, this issue about clarity is absolutely important and this is where the Act and the work around investment screening is very useful. It is worth reminding ourselves what the regime was like before this Act came along. It was unclear to companies whether any acquisition or other company change might be called in under the Enterprise Act. That was not clear. That meant also that the Government did not have the right instruments if they wanted to intervene. This Act provides clarity.

Before we get into the Act, because we are going to come on to that in a bit more detail, just go up a couple of levels and give us a sense of what boards are wrestling with, in your experience, and the kinds of questions that you get drawn into helping advise boards on.

It is the same areas that Simon was talking about, but it is about the need for clarity and, critically, the need for pace here, to make sure that there is pace in the ability to know when there is going to be a decision. As you know, with the sort of due diligence that companies do, often an acquisition is going to be time sensitive, so making sure that there is pace and having clarity of when you are going to get a decision is going to be absolutely critical.

That is interesting. It is a combination of predictability, certainty—or often a lack thereof—and pace. That is incredibly helpful. Alexandra, what is your experience of the kinds of questions that boards are wrestling with?

It very much depends on whether they are in the process of a specific transaction or more broadly thinking about the future of their company and their longer-term investment decisions. In our experience, it varies a lot between boards, but quite often the questions that boards ask are those that are essentially being fed up to them by their business. In some cases, it may be that they are quite strategic questions and in other cases it is much more tactical and short term. I would echo a lot of what has already been said, which is that it is about having clarity about process, knowing how long things are going to take, and, more broadly, it not being too complicated, in that boards are often made up of very busy individuals. They do not want to have to necessarily put too much time into thinking about the details, but often they will have people within their organisation who do that for them, and then the top line comes to the board. Sometimes we are directly working with board members, but often we are working with other parts of the business, which will then feed into their boards.

Can I check, then? In your view, are boards now having to spend more time and money thinking about political risk than they were, say, 10 years ago?

Political risk has been a factor for boards for decades. Anybody who goes through the annual reports of large companies will have seen that political risk has been a constant for a very long time. We are now seeing a very different focus on political risk. Whereas before it might have been an existential risk, it is now an operational business supply chain risk. It is therefore becoming a very real, practical, day-to-day risk that needs to be incorporated into many more decisions that a company takes than maybe before, where they were looking at other political risk issues—for example entry, into a new market—rather than, “Is your business operational and will it be able to work tomorrow?”

That is a very important distinction.

I would agree in some cases. There are companies that have very sophisticated political risk operations involved in how they think about it. We are also getting inquiries from companies that have never really thought about political and geopolitical risk. Maybe it is affecting more types of company. Geopolitical risk is also on the front pages every day, so I think that that is what is driving a lot of boards to think more about it.

I completely agree. Boards and senior executives are spending far more time thinking about geopolitical risk and its consequences for them than they were five years ago, let us say. There is no doubt about that and that is reflected in the sorts of inquiries that we have from them and the requests that we get. It is a much broader scope. We are looking at the retail sector at the moment and seeing what is going on in terms of economic security risk for it through cyber-attacks and so forth. It is much broader, and it is even broader than that because, increasingly now, given the geopolitical change, considerations of industrial strategy are becoming very important in terms of economic risk. Therefore companies have to think about that. Commercial decisions are being merged with issues that pertain to national and economic security.

Afternoon. Whoever would most like to answer this, jump in, and we can do it that way. Regarding the UK investment screening regime, as much as you are able to, can you give us data, or direct us towards data, on clarity, speed, predictability and rationale? When a ruling goes for or against against one of your clients, is there a clear rationale as to how that ruling was given? How do you think that we are performing, as the UK, in that? How does that compare to, say, the US CFIUS regime, in either this latest Administration or prior ones, in terms of speed, predictability and clarity?

I will maybe touch on the first answer about what the regime was like before, which was desperately unclear. Now there is clarity. The thing about this regime, as you know, is that it has been through some revisions, which have clearly reduced the scope in terms of the areas of the economy, so that provides clarity. The unit also has targets in terms of how soon it needs to turn things around. As you know, very few are called in. It is working quite efficiently. I know that there has been some debate about whether there could be greater definition of the sectors of the economy that are included in it to be able to help companies navigate their way through. I can understand why the Government want to leave some of those sectoral definitions quite broad. The reason there is that they are privy to intelligence and information that we in the commercial world do not see. Therefore they want to make sure that the regime is inclusive of all the aspects that they might want to take into account. It is working well. It is maturing well. The conversation that Governments have been having with companies around its operation is very effective. I would not want to draw any comparisons to other countries, the reason being that every country’s regime is going to be dependent on its own economic and national security factors, but there can be learnings. To go back to what Simon was saying earlier on, if you are working across a number of different jurisdictions, having commonality of approach can be very useful. This need for pace is the critical thing that probably all of them can address, even if the foundations of the scrutiny are going to be slightly different.

My role is that I lead our UK and EU team of analysts, so we also spend a lot of time looking at how various similar regimes are in place across Europe. In terms of how long they have been in place, they are, in some cases, quite similar. They are sometimes different in whether companies are going to fall under those regimes. They are looking at it often. If a company is thinking about multiple countries to potentially invest in, it will be looking at it in a comparative way and thinking, “Is there one country where we think it would be more straightforward to get in than others?” At the moment, it is quite early stages in terms of data, certainly, but there is no sense that the UK is an outlier in a negative sense.

Following up on that one, if there is a global transaction, so a large global company is buying another global company, it has all sorts of regulatory rulings to clear in all sorts of jurisdictions. Where does the UK sit in terms of speed? Speed counts. Where is the UK in terms of the turnaround time or something like that?

I do not think that it is an outlier. As I say, there is no clear pattern across Europe necessarily yet.

Can I check, Alexandra? Is there any evidence that we are losing significant investments because of either the speed or the complexity of the decision-taking process?

No, not to other countries that have FDI screening regulations in place.

I would agree. The NSIA has been, broadly speaking, a success. There was a lot of concern among businesses when it came in about how it would be conducted and administered. With experience, it has been tightened up and improved. We are waiting for the latest annual report, because there is an annual report, which is due now, on the performance of it. If you look at the last annual report, the speed has actually improved. The clarity about where decisions are made, since it has moved into the Cabinet Office, is better for companies as well. I do not think that we are at a significant competitive disadvantage through it. Of course, there are differences with other countries, as has been described. Other factors, such as the tax and broader business environment, are probably more significant when companies are looking at the choices they are making for investment. Very often, if it is a question of M&A, there is only one target they are after and it is in a certain country anyway, so they have to deal with that country as the primary jurisdiction.

Picking up on what you have been saying, there is a bit more clarity for businesses and there has been an improvement around the investment screening regime. Do you think it would help to have a formal definition of economic security? Do you think that would help the private sector to better understand the Government’s aims and objectives?

Just to explain, when I was at Rolls-Royce I was on the Government’s economic security business working group and this was one of the things under discussion. I very much hope that there will be a definition in the trade strategy or industrial strategy. When a term is used, but without any definition, it is very hard for businesses to engage with it and know exactly what it covers. I know that other countries have decided to put a definition around it. The thing about a definition is whether it is going to define it as an umbrella term or be specific about the policy areas that sit underneath it. It could be described as a resilience framework to support businesses and economies against geopolitical shock, for example, but then what are the policy areas that sit underneath it? At the moment, it looks like export control and sanctions could be underneath it, and obviously the investment screening piece and critical minerals. Unless you define the pillars of it, it is difficult to know what an economic security term relates to. Some of those pillars, if those are the pillars, are things that have been in existence for quite some time, such as, clearly, export control and sanctions. Some of them are newer, such as investment screening. Some of them are still in development, such as critical minerals. Ultimately, from a business perspective, our clients are asking for the “So what?” If you have a definition, what does that definition then mean for a company? How do policies in that area differ now that it has that umbrella heading? What is going to change? What do they need to anticipate and do differently? We need to look at it from a business perspective, as well as from a definitional Government policy perspective. There is another piece around this. If economic security includes all those pillars, does the economic security team inside DBT own those areas, or do they work with the units inside Government? The machinery of government piece here is important in terms of whether they are embracing them all or actually leading them. Are they leading or following? The critical piece around economic security, and the reason why it is such a topic today, is around the geopolitical jeopardy attached to it, which comes to the intelligence piece. If the intelligence piece is not there to help companies understand it, economic security will be a term without application.

If you spoke to our clients, I think that their instinctive reaction would be that, yes, a definition would be extremely helpful. As Helen said there, it is important to think about what that means in terms of a definition and for it not to be something that can quickly become overtaken by developments. If you think about the issues that have been economic security threats in recent years, they are not necessarily things that would have been part of a very specific definition before that. Maybe the pillar structure is a good one, in terms of having a framework but not necessarily having all the details about exactly what would be included, even though businesses might say that that is what they would like. Longer term, they are thinking about stability of decision making and, if you have to constantly revise those definitions, that reduces the stability.

I am a bit sceptical about the idea of spending a lot of time trying to define economic security, or indeed national security, for the reasons that have been alluded to. It is a fast-moving environment and you could spend an awful lot of time trying to reach agreement on a definition and then find that it has changed. There is a risk also that, in practice, although the idea of this is to simplify the situation, it could lead to political and even legal complexities. Companies might say to you, “That is not within the definition” when something has popped up. In the end, these choices and decisions are always going to be influenced by political considerations, as well as legal and objective considerations. That is the reality of it. There are a number of cases I could cite where clearly there has been a political context that has influenced a decision. If you have a rigid definition, it is possible that you create a problem. The idea, however, of being clear about the criteria for what is in scope in consideration of economic security is important, but I think we are going to find a fairly broad range of scopes falling into it now.

That is very useful. We are trying to improve predictability in a world that is unpredictable, with a goal of potentially getting investment decisions to happen when perhaps they might not happen. If that is the problem we are trying to solve, can you see whether there is a way of a definition of economic security helping improve the situation, or does it not really make any difference?

It helps. What has been useful, for example, with the NSIA is the fact that there are the 17 designated sectors. That gives clarity about what is within scope, but of course that is not everything that is in scope, because Government can call in other things. You are trying to create more clarity, but you cannot be absolutely clear. That probably is the principle that one has to apply in approaching this. The other thing that I personally think can help achieve the sort of objective that you are describing is greater clarity in the process of Government decision making. This goes to the speed point. Companies find it difficult when they have to address more than one part of Government. This is particularly the case in relation to export controls, for example. They do not know where the decision is being made. They go from one to the other and feel very frustrated. I have advocated in the past a one-stop shop approach in Government to dealing with economic security issues, in which businesses at least know where to address themselves, even if they are not going to get an immediate answer. I do not know whether that is foolishly naive, but I think it would help give clarity.

Good afternoon. We are hearing a lot about much more attention being paid to these issues and a lot more emerging threats. Can you give me some clue as to how you or your clients evaluate the threats and difficulties that they face? What tools do you have at your disposal? I am thinking of the national risk register. I assume that that is quite an important tool. I think that it has been refreshed to look at acute issues and chronic issues, which seems to be a change. How do you make sense of this increasingly threat-laden world?

In terms of what those economic threats might look like, it is very sector and company-dependent. The economic threats could come from their own domestic environment. They could come from overseas. Tariff is probably the latest one that everybody is trying to understand and assess. It would be interesting to look back at previous national risk assessments to see where tariffs might fall on that and whether it has ever been considered to be as significant a potential global shock as it is at the moment. In terms of other broader economic threats, they come in different guises. Some of them could be sanctions. The sanctions regime that came in after the invasion of Ukraine by Russia was absolute. It was concerted across a number of the allies. It therefore closed off a relatively significant market for a number of companies. There are these geopolitical moments that you could try to anticipate, but actually they are out of your control. For people who work in strategic advisory companies such as ours, it is about helping our clients anticipate what those risks might look like, so doing the horizon-scanning piece to understand where those economic threats might fall, how those economic threats might then be implemented and how we can guide them through those as well. The range of economic threats now is probably greater than it has ever been before. In terms of how companies try to navigate their way around that, that is through the horizon-scanning piece. It is very difficult for companies at the moment to know how much weight to put on each of those factors, given that there are so many factors in play at the moment.

What do you think of the national risk register? Obviously there are unknown unknowns, to quote Donald Rumsfeld—black swan events and all these things—but is the national risk register useful? Is it a tool that actually is helpful?

It is a useful understanding of some of the factors. Thinking about the earlier debate about how you create a definition of economic security that is future proof, how do you future proof a lot of these risks? It is a useful checklist. It is a useful reminder of issues that you need to think about. If I were to go back to the time before the pandemic, pandemic was in there as a risk, but it was a risk that in some ways had been offset by the belief that it was not going to be impactful. It is a useful reference point, but it should not be the guide.

It should not be the be-all and end-all. Alexandra, are you in that position as well?

Yes, similar in terms of both the national risk register and risk registers that individual companies have. They have traditionally been a very popular form of thinking about risk. As we have said, there are times where there are questions over how useful they are, especially if you have a risk register with 50 entries on it. You maybe, as a board, look at it only once or twice a year. How is it actually impacting how you run your business? What we are doing a lot more with businesses now is flipping it on its head, working from the inside out and thinking about impacts. What are the things that matter most to an individual organisation and what impact would that have on the business? For example, if your supply chains were disrupted for any reason, you think about what the impacts would be on the business. Then you can reverse engineer that, think about what things might cause your supply chains to be disrupted and do scenario planning there. Given that the things that have very rapidly moved to the top of risk registers in recent years have not always been things that have been given much attention, it is not always the best way to just focus on a register.

Simon, do you get the opportunity to feed into the national risk register? Is it handed down to you on tablets of stone from Government, or do you get to feed in? Do you flag things that you see coming down the tracks?

I used to when I was in Government, but I have not since I was in public service. To be honest with you, it is not something that I refer to on a daily basis, although it is a useful thing for Government to do. My experience in the past—and I would like to make a point that I think has come up in some of the literature around your hearing—is that, if you are going to have a national risk register and approach to national security management, it is really important that economic voices in Government have sufficient weight in those considerations. In the past, certainly, the sorts of people who were looking at the national risk register tended to come from what you might call the security side of Government rather than the economic Departments. There has been an attempt to improve that, for example under the last Government’s integrated review approach to national security and defence issues. Given the focus here on economic security, it is really important that Government thinking and documents reflect that. There is a trade-off here for the Government between the priority of economic growth and the priority of protecting national security. You cannot always have optimal outcomes for both. Those choices have to be made in Government and therefore instruments such as the national risk register have to facilitate proper informed decision making both for Government and for other economic actors on those things. When you are a company, what are you looking at here? If you are a board, you are looking at, “What is my legal risk? What is my commercial risk? What is my reputational risk? What is my political risk in any set of decisions that I make?” To some extent, the risk register helps that, but there are other engagements with Government that can help them make those choices.

Who is underweight, then? If you think economic voices need to be given a bigger role, who would you say is underweight in the decision making?

I left Government 10 years ago, but it always struck me as interesting that a National Security Council was established that was dominated by the Ministry of Defence, the intelligence agencies and the Foreign Office, so what you might call the securocrats. At one point under the previous Labour Government, but not since, there was an attempt to establish a parallel national economic council. That did not happen and I did not feel that the economic voices were always present in the security debate. That has changed and improved.

It has changed for the worse, actually.

On the other hand, I read recently that the Business Secretary is no longer on the National Security Council.

Not as a standing member, no.

By the way, they were not when I was in the Foreign Office either. It is really important to understand how those decisions are mediated in Government, so that Government can make the trade-offs that are necessary and help business understand how those trade-offs are seen.

Do you think the Treasury has enough weight, or do you think it is a problem for DBT in particular?

It depends, at any given time in the life of a Government, where power in Government lies. The Treasury at the moment has the weight. I was the Permanent Secretary in BIS when Peter Mandelson was the Business Secretary and there was always an issue for that Department as to what weight it has in Government when thrown into the centre with the Cabinet Office, the Treasury and other big Departments. Getting that balance right has been a longstanding question. I will be interested to see how the industrial strategy comes out and where the balance comes out in terms of the departmental engagement behind that.

That is obviously quite a sweeping statement and it varies a lot between businesses and business sectors. If we go back to what we talked about at the very start, there are companies that have had to think about these issues for a long time and have developed quite sophisticated ways of thinking about them. There are others that are catching up. The past three-ish years have been a big eye-opener for a lot of businesses that had not previously thought that they might potentially be targeted by state actors. There is the cyber angle, but there are now also increasing concerns about physical threats as well. The issue is whether businesses think about themselves as part of the infrastructure of a country that might be an attractive target to state actors, or whether they are still thinking about themselves purely as private entities that, in the past, might not have been obvious targets for state actors. It is an evolving issue. In terms of best practices, I would not say that there is anyone that you could point at and say, “They are doing everything right”. For now, the best practice is to at least be thinking about it and about what your vulnerabilities are. It almost does not matter if you think about who the threat actor is and what their intent is, if you think about what the capability of threat actors to have an impact is. In a lot of cases you do not know who might be targeting you.

Senior people in all walks of life must be aware of those risks. I might hand this back to Alexandra, because it may be more in the line of business that your company is looking at than mine. It is something where maybe awareness should be higher of the physical risks to individuals that can exist, and we have seen that in the United States, of course, as well.

Exactly, that is it. There, again, it is not just about state actors.

No, it can be rogue individuals.

Exactly, yes, motivated by a lot of different ideologies. We are seeing a significant uptick in the requests that our security-focused teams get from companies for us to carry out threat assessments specifically on their executives. That has definitely, over the past year or so, been a huge change.

One issue here, and Alexandra touched on it, is that it is not clear who is a state-based actor, because, naturally, their actions are normally very well disguised. I would like to think about state-based activity in terms of surface area. What is the surface area of a company and how does that present itself? It is the surface area that a state-based actor is going to go for. They could go for your cyber-assets, people, technology or supply chain. If you look at it like that, that means that any company trying to understand its surface area needs to know every single element of it and have an education and training programme that means everybody understands how they work themselves to protect the company. That goes all the way down to the supply chain. This surface area piece is critical to understand the nature of the sorts of state actor activities that we might see. That comes to a point about threat briefings for seniors and how those threat briefings might be shared. For particular sectors, those threat briefings happen. They should be mandatory, in my mind. If you are responsible for key technology areas or key parts of the economy, you should have a threat briefing. It should be something that is almost a duty of care point to those seniors because they do not want to expose the company to any risk.

Can you unpack that term, “threat briefing”, for us?

Yes. There are intelligence briefings that the Government are able to give to particular industries and we know that they have rolled those out. At the moment, it is probably more in the defence space, but it is something that I believe is also accessible to other industries.

One thing that this Government need to do is to define what their key industries are. Looking back at what the previous Government did, they had the critical import strategy; I was involved in a working group on that. It defined the sectors that were critical import areas. If you rub that list up against some other lists that the Government have, you very quickly identify the areas of the economy that are considered to be important. Those are the areas that, if we say that they are susceptible to shocks or, were there to be a shock, that would have an economic and national security impact, should arguably be in receipt of more information to be able to help them understand and protect the surface area of their organisation. SMEs are very interesting here. Often the focus is on the larger companies, but a company is only as strong as its supply chain. With that broader surface area point, supply chains can be incredibly large, deep and global. As the Government look at economic security, it is about understanding supply chains. This is all about supply chains, supply chain resilience and what that means to the country. Ultimately, it comes down to what the dependency appetite is of any Government in terms of how they manage those supply chains through companies and how interventionist they want to be to protect those supply chains.

They view it as both, really. It is a whole set of issues around intellectual property, data, technology and so forth that are of concern to them because those are commercially significant issues. Obviously, that is of concern to them. Then there are the broader considerations about the impact of these attacks on the business as well. What was the second part of your question?

It is both. Businesses compete by having advantage over their competitors and that implies that they have a commercial advantage that they want to protect, so they do not want that to be lost. In addition to that, when they suffer these attacks, there is huge disruption. If you look at what is happening at the moment in the retail sector, there are inevitably commercial consequences to that. It depends on a number of factors as to how significant that is. If your brand is very strong and you are perceived to have been responding effectively to the challenge, I think that people give the company the benefit of the doubt. In some other cases, possibly including the one you alluded to, the perception was perhaps that the company had not responded quite as well as it might have in all respects. That can be very damaging to the longer-term reputation of that company and people’s confidence in the brand.

Sir Simon, I will start with you on this one. RUSI, in December 2023, at the Economic Security Private-Public Sector Forum, said that it was a “promising start” and that “Government should facilitate regular intelligence briefings, threat assessments, rapid response frameworks, and cyber-risk updates, in both formal and informal settings, to help businesses take proactive measures against emerging threats”. Could you give some views about parameters as to when you think that does and does not make sense, given that we are in a democracy and a free market, and how to think about that?

As a general principle, Government should be more open, where possible, to sharing potentially sensitive information, obviously managing it as appropriate, in order to engage effectively with business and other economic actors in the economy. It makes sense to me. A very good example is the National Cyber Security Centre, which has been a very successful example of how quite sensitive information that is held in relatively secret parts of Government can be effectively shared in a responsible and controlled way with economic operators. To the extent that we could build on that sort of model, we should seek to do so. At the same time, you have to accept that there are secrets and things that simply cannot be shared. That is always going to be the case. One problem that arises in those cases, in my experience, is that sometimes officials do not just say that. They just say nothing and then businesses do not know whether they are being taken seriously. Sometimes, you could say, “I am sorry. I cannot tell you that, but I can assure you that your concerns have been heard and taken into consideration”. That might be a better option. I would err on the side of more sharing, but obviously respecting the requirements of national security.

Alexandra, maybe from the Control Risks side, thinking of it that way, what do you see? How do you live that?

Companies always say, “We want as much information as possible”. In practical terms, it is worth doing only if there is something that those organisations can do with that information and if it can be framed in a way that has practical impacts for them, rather than just bombing them with information that might make them panic. Is there anything they can actually do about it? It is about thinking about what is structurally most useful.

Helen, do you want to add anything particularly?

I would like to agree about the practical points. Giving companies intelligence and information is very interesting, but it needs to be timely. The thing to remember here is that the Government need to understand what effect they want to have from sharing that information. Is it to provide a threat briefing? Is it to suggest a change in supply chain strategy or sourcing strategy? What is the effect they want to have with that? The reason why I say that is that, in some supply chains, it can take years to change suppliers. In fact, it could take decades if you are in a very long-term contract. There needs to be a closer working relationship between Government and industry for Government to understand the supply chains they are really interested in, so thinking about the key parts of the economy. They are sharing this information to have some effect or some change, but they need to recognise, ultimately, that companies are going to be making commercial decisions, weighing up information. Governments cannot tell companies what to do. If they want to do that, that is a very different situation. There needs to be a better understanding from Government about what they want companies to do once they share that intelligence.

Let us take a scenario that we looked at in Japan, so a very sophisticated economic security regime and very interesting, thoughtful public-private partnerships around sharing intelligence. One consequence of that might be that a company such as Mitsubishi really understands its supply chain inside out, understands where it is critically dependent on particular countries for, say, chips, and can then draw on public subsidies in order to stockpile and diversify risks. That feels like a very different kind of partnership model than the model that we have in this country.

It does feel integrated. This is where we need to see economic security as maybe a description of an ecosystem of different bits of Government that come together. Ultimately, you cannot do the sort of intervention that I was just talking about unless you have a supply chain strategy, an SME strategy or an industrial strategy that provides the resilience or alternate sourcing that maybe the intelligence is suggesting that you might diversify away from. It needs to be seen to be a short, medium and long-term strategy, but it needs to be collectively coming together and the dependencies in those policy areas need to be talking to each other. Otherwise, a lever is pulled, but without there actually being any alternative place for a company to go.

Let us take a scenario where a company has done the kind of analysis that you have all suggested it does. It understands that it has a particular surface area that is especially vulnerable. It is really worried about that. It would like to understand that better. It spends a lot of money on you guys trying to understand that a little bit better, but where does it then go? Who does it then ring up in Government to say, “We are really worried about this. If it goes wrong, that is a problem for the country. We would like to understand just how serious this risk is and what we can do about it”. Does the company ring Pat McFadden? Who does it call?

It might be the case that it phones the new Foreign Office team. There is a new geopolitical team that was announced by the Foreign Secretary back in March of this year. I have not engaged with it yet, but that is supposed to be giving intelligence and information. I do not know to what level that is going to be able to provide the sort of help and support that you just described. Maybe there will also be something that comes out of the industrial strategy and the trade strategy that plugs that gap and provides that practical advice.

Okay, but, as we sit here today, we are all a bit unclear. Alexandra, what is your perspective on that dilemma?

My perspective is that it would be an individual company. Some of them would have very close links with individuals in individual Government Departments and would probably start there. I would agree that there is no one obvious place where every business would go, “This is where I should go to”.

Is that a problem, or is that just life?

If this is a serious priority, and it should be, it is a problem, yes.

Sir Simon, what is your view on that?

I agree that different businesses have relations with different parts of Government, depending on what sector they are in, so they will have their own networks of contact at official and ministerial level, no doubt. My view is that, as I said, there should be a focal point in Government where businesses can raise these questions. In my view, that should be in the Cabinet Office, probably somewhere on the economic side of the National Security Secretariat. If there is a question where businesses do not know where to go or who to talk to, they should, as a default, address themselves there. It seems to me that that probably has to be somewhere at the centre of Government.

That could be a remodelled, perhaps enlarged, office like the National Cyber Security Centre.

The National Cyber Security Centre is slightly separate and is particular to a particular set of issues. There is a role in the national security structure of the economic deputy national security adviser, who is looking at the interface between security and economic factors. That role could probably be strengthened or given more visibility. If I myself was running a business, and I wanted to understand what was going on and could not find out from elsewhere, I would like to think that there was somewhere around that part of Government that I could address myself to and would get an answer from.

That has been an incredibly helpful introduction to it. Thank you so much for your evidence there. That has been incredibly compelling and clear. That concludes this panel.