Related Articles
The new Cyber Security and Resilience Bill, which was first teased in July’s King’s Speech, will be introduced to Parliament in 2025.
The bill is set to introduce updates to the legacy regulatory framework for cybersecurity by expanding the remit of regulation to protect more digital services and supply chains.
In addition, the bill aims to put regulators on a strong footing to ensure essential cyber safety measures are being implemented.
Key to the bill is a mandate to increase incident reporting to give the government better data on cyber-attacks.
A flurry of hostile cyber-attack levied against critical infrastructure and UK government affiliated organisations, including London hospitals, the different NHS boards, the Ministry of Defence, ransom attacks against the British Library and Royal Mail, have galvanised an increased sense of urgency to secure the UK’s cyber sphere.
The cyber-attacks pose severe risks to these sectors, UK citizens, and the wider economy, with the total cost of cyber-attacks in the UK estimated to be at £30bn in 2023.
“The UK can’t afford to standstill when it comes to cyber policies, especially given the wave of high-profile attacks that have threatened CNI and businesses this year,” Andy Ward, SPV international for Absolute Security, said.
“Centralised incident reporting in the Cyber Security and Resilience Bill is an important measure to promote accountability when defending against cyber attacks and help to better understand the dangers and impact of threats such as ransomware.”
“In order to bolster nationwide cyber resilience, businesses must play an active role in enhancing their security systems and reporting threats when they occur.
“Security teams need visibility over their networks and device fleets for real-time monitoring, being alerted to suspicious behaviour as soon as it happens, as well as having the ability to free, or shut off, potentially compromised devices or applications when a major breach happens.”
Recommended reading
With the new bill, regulators like the Information Commissioner’s Office (ICO) are set to be in a better position to ensure proper security measures are being implemented, including cost recovery mechanisms to better resource these bodies, with a total of 12 regulatory bodies expected to benefit from these responsibilities.
The government will also open a public consultation in the coming months to gather input on these new regulations.
David Manfield, associate director for cybersecurity for Investigo, highlighted the recruitment challenges facing businesses: “Businesses are feeling the squeeze when it comes to recruiting cyber staff, reflecting talent pipeline struggles caused by tightening budgets over the past year. Boardrooms know the problem, with 30% saying that recruiting cyber staff is their main hiring concern, but the increase in the volume and complexity of cyber threats has exacerbated the issue.”
“While businesses should aim to have cyber experts in place at all times, there are cost-effective options to bolster cyber defences. Recruiting interim cyber staff, for example, to evaluate and set organisation-wide cyber policies, especially during peak threat periods throughout the year, offers a more budget-friendly way to remain resilient against cyber-attacks while looking to hire permanent staff.”
