The UK Government has launched a consultation on a draft Cyber Governance Code of Practice, calling for business leaders to provide feedback.
The Department for Science, Innovation and Technology (DSIT) has published the document in partnership with the National Cyber Security Centre (NCSC).
They said a key focus of the draft code – designed in partnership with industry directors and cyber and governance experts – is on making sure organisations have detailed planes in place to respond to and recover from any potential cyber incidents. The plan should be regularly tested and accompanied by a formal system for reporting incidents.
The draft outlines a series of actions on risk management, cyber strategy, people, incident planning and response, and assurance and oversight.
It is accompanied by a series of survey questions.
Severe impacts
DSIT and NCSC said that a number of high profile cyber incidents, including one that took the NHS 111 service offline, have demonstrated the severe impacts that can come from attacks on software and digital supply chains.
Minister for AI and Intellectual Property Viscount Camrose said: “Cyber attacks are as damaging to organisations as financial and legal pitfalls, so it’s crucial that bosses and directors take a firm grip of their organisation’s cyber security regimes - protecting their customers, workforce, business operations and our wider economy.
“This new code will help them take the lead in safely navigating potential cyber threats, ensuring businesses across the country can take full advantage of the emerging technologies which are revolutionising how we work.
“It is vital the people at the heart of this issue take the lead in shaping how we can improve cyber security in every part of our economy, which is why we want to see industry and business professionals from all walks coming forward to share their views.”
Understanding risks
NCSC CEO Lindy Cameron added: “Cyber security is no longer a niche subject or just the responsibility of the IT department, so it is vital that CEOs and directors understand the risks to their organisation and how to mitigate potential threats.
“This new Cyber Governance Code of Practice will help ensure cyber resilience is put at the top of the agenda for organisations and I’d encourage all directors, non-executive directors, and senior leaders to share their views.”
The consultation will be open until 19 March.
