The UK government has indicated it will renew the Network and Information Systems Regulations following it latest review.
It has published the review by the Department for Digital, Culture, Media and Sport (DCMS), the second since the regulations went into effect in 2018, noting that they have generally working successfully and recommending that they be retained.
This is intended to maintain the momentum in improving the security of network and information systems that are critical to the provision of essential and digital services which, if disrupted, could cause significant economic and social harm.
Accelerator for improvements
In a statement to Parliament, Minister for Media, Data and Digital Infrastructure Julia Lopez MP, said: “The review is clear that the regulations have acted as an accelerator for improvements to the security of regulated organisations.
“Regulated organisations have shown an increase in the prioritisation of cyber security at senior level, increased investment in cyber security from boards, the introduction or improvement of cyber security policies, improved incident response management, and a greater awareness of aggregate risks.
“The review concludes that the regulations are an effective tool to drive good cyber security behaviours.”
It also makes recommendations for changes to strengthen and future proof the regulatory framework, in line with those in the DCMS consultation, published in January, on legislation related to cyber security.
These included a proposal that providers of critical managed services should be brought under the regulations, and that there should be legal requirements for relevant organisations to boost the cyber and physical security of their networks and information systems.