Why Should Business Leaders Invest in Cybersecurity?

The UK government has published a draft Code of Practice on cyber security governance, which aims to help directors and senior leaders of businesses improve their cyber security practices and protect their organisations from cyber threats.

 

The Code of Practice, which was developed in collaboration with industry directors, cyber and governance experts, and the National Cyber Security Centre (NCSC), sets out the expectations and responsibilities for directors and senior leaders, such as:

  • Defining clear roles and responsibilities for cyber security across their organisations, and ensuring that they have the appropriate skills, knowledge, and resources to fulfil them.
  • Implementing effective cyber security policies and procedures, and communicating them to all staff, customers, and stakeholders.
  • Ensuring that their organisations have comprehensive and up-to-date plans to respond to and recover from cyber incidents, and that these plans are regularly tested and reviewed.
  • Monitoring and measuring their cyber security performance and compliance, and reporting on any incidents or issues to the relevant authorities and parties.
  • Fostering a culture of cyber security awareness and resilience among their employees, and providing them with adequate training and support to work safely and securely with new technologies.

 

The Code of Practice aims to establish cyber security as a key focus for businesses, alongside other risks such as financial and legal challenges. The Code of Practice also supports the UK’s ambition to become a global cyber power, and to harness the benefits of the digital economy.

 

Viscount Camrose, Minister for AI and Intellectual Property, said:

“Cyber attacks are as damaging to organisations as financial and legal pitfalls, so it’s crucial that bosses and directors take a firm grip of their organisation’s cyber security regimes – protecting their customers, workforce, business operations and our wider economy.

This new Code will help them take the lead in safely navigating potential cyber threats, ensuring businesses across the country can take full advantage of the emerging technologies which are revolutionising how we work.

It is vital the people at the heart of this issue take the lead in shaping how we can improve cyber security in every part of our economy, which is why we want to see industry and business professionals from all walks coming forward to share their views.”

 

The government is inviting businesses of all sizes and sectors with an interest in cyber and governance issues to share their opinions on the draft Code of Practice, and to help shape and deliver the future of improved cyber security in the UK. The consultation is open until 31 March 2024, and the final Code of Practice is expected to be published later this year.

 

The launch of the Code of Practice coincides with the publication of new statistics and analysis on the impact of the government’s Cyber Essentials scheme, which helps organisations protect against common cyber attacks. The scheme awards a “Cyber Essentials certificate” to organisations that demonstrate that they have essential cyber security controls in place. According to the latest figures, 38,113 certificates have been awarded to organisations in the past year, and 39% of the UK’s largest businesses now hold the certificate. The analysis also shows that around two thirds (66%) of businesses that have the certificate report that it has helped them improve their cyber security practices, and 57% say that it has increased their customer confidence.

 

The government encourages all organisations to apply for the Cyber Essentials scheme, and to use the Code of Practice as a guide to enhance their cyber security governance. By doing so, they can not only protect themselves and their customers from cyber threats, but also contribute to the UK’s cyber security and economic growth.