UK Government with the UK official NCSC (National Cyber Security Centre) has brought out guidance for directors and company boards about cyber defence.
Cyber Security Minister at the Department for Science, Innovation and Technology (DSIT) and north London MP Feryal Clark said: “A successful cyber attack doesnโt just have the potential to grind operations to a halt โ it could drain millions from the bottom line. If we want to drive the economic growth which is fundamental to our Plan for Change, then we need to stand side-by-side with British business leaders as they face down that threat. Our new Cyber Governance Code of Practice does exactly that โ setting out in clear terms steps organisations should take to safeguard their day-to-day operations, while also securing the livelihoods of their workers and protecting their customers.”
The 12-page document covers risk management, strategy, incident planning and oversight.
Comment
Simon Kean, business development director at Data Connect, welcomed the Code of Practice. He said: “The best practices give them action points which they can adopt to understand security within their organisation and see where more investments are needed to improve defences. Cyber is a still a new issue for many businesses today, which means boards and directors often donโt fully understand the threat or realise how it could impact successful operations.
“But in reality, attacks today can shatter organisations, bringing almost every aspect of their operations to a standstill. It is vital boards and directors understand this, so they can ensure cyber budgets are set in accordance with the scale of the threat, and that underspending isnโt leaving them exposed to dangerous attacks. However, the one caveat around the governmentโs recommendations is that they are clearly focused on organisations that already have a formal cyber security strategy in place.
“Many SMEs won’t be at this stage and won’t have the inhouse skills and resources to adopt the measures correctly, but this doesn’t mean the recommendations are any less important to them. For these organisations, it may be time to consider outsourcing to a cyber risk management consultant, which has the skills to improve cyber maturity and can also work with boards and directors to help educate them on cyber risk.โ
