Cyber resilience is a key strategic concern for national security, the economy and the public sector, and the new Labour government has committed to urgently updating the current cyber security framework to address key vulnerabilities and to strengthen the UK's cyber defences.
In the King's Speech, the new Labour government unveiled plans for a new Cyber Security and Resilience Bill, which the government says will ensure the protection of essential digital services and critical national infrastructure.
The move will expand the remit of the UK's only cross-sector cyber security legislation, the Network and Information Security Regulations 2018 (NIS), just as our European counterparts are set to implement their own updated and expanded regime through NIS2 in Autumn this year. The government acknowledges those European updates and that the existing UK regulations "require urgent update to ensure that our infrastructure and economy is not comparably more vulnerable".
We live in a complex and evolving cyber threat landscape, with a growing reliance on digital infrastructure (demonstrated by the recent IT outage that left millions offline) and an increase in geopolitical involvement in cyber risk. With this in mind, the early commitment to cyber resilience by the new government comes as no surprise, but for those of us working closely with cyber risk on a daily basis, it is a very welcome move. According to the government, expanding the remit of NIS to protect more digital services and supply chains will "fill an immediate gap in our defences and prevent similar attacks experienced by critical public services in the UK, such as the recent ransomware attack impacting London hospitals".
The Bill is also set to increase the scope of mandatory incident reporting to provide the government and the National Cyber Security Centre (NCSC) with better data on cyber-attacks, existing vulnerabilities and developing threats. Jon Ellison, NCSC's Director of National Resilience, welcomed the commitment to updating the current legislative and regulatory framework, stating that "the cyber threat to the services on which we all rely, such as water, power and healthcare, is one which we must continue to urgently address. The announcement of the Cyber Security and Resilience Bill is a landmark moment in tackling this growing threat".
What now?
Our expert Cyber team will be following developments closely to keep the draft text of the Bill and its move through Parliament under review. If you are currently covered by NIS, or work with or supply to critical national infrastructure in the sectors of transport, energy, drinking water, health and digital infrastructure, contact us to find out more about what the proposed developments mean for you.
Outside of the NIS, we are increasingly assisting a wide range of organisations to take a pre-emptive look at cyber risks to leave them better placed to deal with the fallout from a cyber-attack, whether that is an attack on that organisation, its supply chain, customer base, or all of the above.
CyberSecure 360 is our service designed to provide your organisation with expert guidance and comprehensive services, aimed at strengthening your business against ever-evolving cyber risk. Whether you are looking to test your cyber-readiness, or seeking assistance with mitigating the impact of a breach, our unique cyber risk management services will help you embark on your cyber journey with confidence.
Contact us at cyber360@trowers.com to discuss.