The UK Government has brought out a draft Code of Practice on cyber security governance, aimed at directors in business.
Viscount Camrose, Minister for AI and Intellectual Property at the Department for Science, Innovation and Technology (DSIT), said: “Cyber attacks are as damaging to organisations as financial and legal pitfalls, so it’s crucial that bosses and directors take a firm grip of their organisation’s cyber security regimes – protecting their customers, workforce, business operations and our wider economy. This new code will help them take the lead in safely navigating potential cyber threats, ensuring businesses across the country can take full advantage of the emerging technologies which are revolutionising how we work. It is vital the people at the heart of this issue take the lead in shaping how we can improve cyber security in every part of our economy, which is why we want to see industry and business professionals from all walks coming forward to share their views.”
The code, written with the UK official National Cyber Security Centre (NCSC), suggests companies have plans to respond to and recover from potential cyber incidents; that the plan should be regularly tested; and that a business has a formal system for reporting incidents.
NCSC CEO Lindy Cameron said: “Cyber security is no longer a niche subject or just the responsibility of the IT department, so it is vital that CEOs and directors understand the risks to their organisation and how to mitigate potential threats. This new Cyber Governance Code of Practice will help ensure cyber resilience is put at the top of the agenda for organisations and I’d encourage all directors, non-executive directors, and senior leaders to share their views. Senior leaders can also access the NCSC’s Cyber Security Board Toolkit which provides practical guidance on how to implement the actions outlined in the Code, to ensure effective management of cyber risks.”
The call for views is open until March 19.
Comments
Dan Morgan, Senior Government Affairs Director for Europe and APAC at SecurityScorecard recommended cyber risk ratings as an objective, quantifiable measure of an organization’s cyber security posture, akin to a credit score for cyber health. He said: “We urge the UK government to consider the mandatory inclusion or encouragement of cyber risk ratings in the final version of the Cyber Governance Code of Practice. Such a move will significantly contribute to the overall security and resilience of the UK’s digital economy.”