
Government urges business leaders to toughen up protections against cyberattacks

Government introduces new guidelines to get business leaders on board with cybersecurity, says cyber threats should be viewed as a key business risk like financial and legal challenges.

Posted 23 January 2024 by Christine Horton


The government says a draft Code of Practice on cybersecurity governance published today will help directors and senior leaders shore up their defences from cyber threats.

Aimed at executive and non-executive directors and other senior leaders, the measures look to establish cybersecurity issues as a key focus for businesses, putting them on an equal footing with other threats like financial and legal pitfalls.

As part of this, the Code recommends that directors set out clear roles and responsibilities across their organisations, boosting protections for customers and safeguarding their ability to operate safely and securely. 

A key focus, designed in partnership with industry directors, cyber and governance experts and the National Cyber Security Centre (NCSC), is making sure companies have detailed plans in place to respond to and recover from any potential cyber incidents. The plan should be regularly tested so it’s as robust as possible, with a formal system for reporting incidents also in place.

Organisations are also encouraged to equip employees with adequate skills and awareness of cyber issues so they can work alongside new technologies in confidence.

The paper comes as the government launches a new call for views from business leaders.

“Cyberattacks are as damaging to organisations as financial and legal pitfalls, so it’s crucial that bosses and directors take a firm grip of their organisation’s cybersecurity regimes – protecting their customers, workforce, business operations and our wider economy,” said Viscount Camrose, Minister for AI and Intellectual Property.

Cyber Essentials

The government says the introduction of the Cyber Governance Code of Practice marks “a pivotal step in how the leaders and directors of all organisations approach cyber risk, underpinning the UK’s credentials as a cyber power and protecting our economy.”

The guidance comes as figures show almost one in three (32 percent) firms have suffered a cyber breach or attack in the past year, with a rise in damaging ransomware attacks and malicious actors posing significant threats as they look to take advantage of cybersecurity vulnerabilities.

New statistics and analysis, which the government says show the positive impact of its Cyber Essentials scheme, are also published today.

Through this scheme, organisations which demonstrate they have vital cybersecurity controls in place, including effective management of security updates, having suitable anti-virus software and removing default passwords, are awarded a ‘Cyber Essentials certificate’. 38,113 certificates have been awarded to organisations in the past year, including two in five (39 percent) of the UK’s largest businesses.

“Cybersecurity is no longer a niche subject or just the responsibility of the IT department, so it is vital that CEOs and directors understand the risks to their organisation and how to mitigate potential threats,” said Lindy Cameron, National Cyber Security Centre CEO.

“This new Cyber Governance Code of Practice will help ensure cyber resilience is put at the top of the agenda for organisations and I’d encourage all directors, non-executive directors, and senior leaders to share their views.”

Plans for software resilience and security

The government is also publishing its response to a call for views on software resilience and security today, to help address software risks and make organisations more resilient to cyber threats.

The response to the call for views proposes steps to empower those who develop, buy and sell software to better understand how they can reduce risk, prioritising the protection of businesses and other organisations that are reliant on software for their day-to-day operations.

The plans include measures to ensure software is developed and maintained securely, with risks better managed and communicated throughout supply chains. The government says it is working with industry to develop these proposals further, from developing a code of practice for software vendors, which will form the crux of this proposed package, to cybersecurity training for professionals.
