By Ashley Young
New guidelines have been put in place to help directors and business leaders boost their cyber resilience, as the UK government says cyber threats should be prioritized as a key business risk like financial and legal challenges.
The guidelines aim to elevate the importance of cyber security issues to a level equivalent to financial and legal challenges, emphasizing the need for businesses to prioritize cyber threats.
The proposed Code outlines key actions for directors and senior leaders to bolster their cyber resilience and capitalize on digital technologies that drive innovation and competitiveness.
Developed in collaboration with industry directors, cyber and governance experts, and the National Cyber Security Centre (NCSC), the Code recommends that directors establish clear roles and responsibilities across their organizations.
This initiative seeks to protect customers, enhance operational safety, and safeguard the overall security of business operations. The Code emphasizes the importance of having detailed plans in place to respond to and recover from potential cyber incidents, urging regular testing to ensure robustness.
As part of the initiative, organizations are encouraged to equip employees with the necessary skills and awareness of cyber issues to confidently work alongside new technologies.
The government is soliciting views from businesses of all sizes and sectors to shape and refine the draft Code, demonstrating its commitment to collaborative efforts in improving cyber security across the UK.
Viscount Camrose, Minister for AI and Intellectual Property, emphasized the critical nature of cyber attacks and the need for organizational leaders to take a proactive stance in securing their operations.
The Code aims to empower directors to navigate potential cyber threats, enabling businesses to leverage emerging technologies safely.
The UK’s rapidly growing cyber landscape presents significant opportunities but also entails risks that need practical action and robust safeguards.
The Cyber Governance Code of Practice represents a pivotal step in redefining how leaders approach cyber risk, reinforcing the UK’s status as a cyber power while safeguarding its economy.
The announcement comes against the backdrop of alarming statistics, indicating that nearly one in three (32%) firms experienced a cyber breach or attack in the past year.
The government’s Cyber Essentials scheme, designed to protect against common cyber attacks, has been instrumental in promoting cyber security controls, with 38,113 organizations awarded the “Cyber Essentials certificate” in the past year.
Businesses adhering to Cyber Essentials are more likely to have formal cyber incident response plans, demonstrating the scheme’s positive impact.
The guidance comes as figures show almost one in three (32%) firms have suffered a cyber breach or attack in the past year, with a rise in damaging ransomware attacks and malicious actors posing significant threats as they look to take advantage of cyber security vulnerabilities.
New statistics and analysis showing the positive impact of the government’s Cyber Essentials scheme, which helps organisations protect against common cyber attacks, are also published today.
Through this scheme, organizations which demonstrate they have vital cyber security controls in place, including effective management of security updates, having suitable anti-virus software and removing default passwords, are awarded a “Cyber Essentials certificate”. 38,113 certificates have been awarded to organizations in the past year, and two in five (39%) of the UK’s largest businesses now hold the accolade.
Lindy Cameron, National Cyber Security Centre CEO, emphasized the broad responsibility for cyber security, urging CEOs and directors to understand the risks to their organizations.
“Cyber security is no longer a niche subject or just the responsibility of the IT department, so it is vital that CEOs and directors understand the risks to their organization and how to mitigate potential threats.
“This new Cyber Governance Code of Practice will help ensure cyber resilience is put at the top of the agenda for organisations and I’d encourage all directors, non-executive directors, and senior leaders to share their views.”
Senior leaders can also access the NCSC’s Cyber Security Board Toolkit which provides practical guidance on how to implement the actions outlined in the Code, to ensure effective management of cyber risks.
To further support organisations to improve their cyber security and provide more clarity on best practice, the government is also publishing its response to a call for views on software resilience and security today, to help address software risks and make organisations more resilient to cyber threats.
A number of recent, high-profile cyber incidents, including one which took the NHS 111 service offline, have demonstrated the severe impacts attacks on software and digital supply chains can have.
The response to the call for views proposes steps to empower those who develop, buy and sell software to better understand how they can reduce risk, prioritizing the protection of businesses and other organizations that are reliant on software for their day-to-day operations.
Software is fundamental to virtually all technology used by businesses, from programmes for managing payroll, to essential operating systems and more advanced and emerging technologies such as AI.
Protecting software is therefore crucial to protecting businesses and organisations and is a critical part of the government’s work to improve UK cyber resilience.
The plans include measures to ensure software is developed and maintained securely, with risks better managed and communicated throughout supply chains.
The government is working with industry to develop these proposals further, from developing a code of practice for software vendors.
The newly introduced Cyber Governance Code of Practice is expected to drive awareness and action, with the government also addressing software resilience and security to further fortify organizations against cyber threats.
The call for views on software resilience and security will be open until March 19, 2024, contributing to the development of a comprehensive strategy to improve UK cyber resilience as part of the government’s £2.6 billion National Cyber Strategy.