New laws proposed to boost UK business cyber security
New laws have been proposed that would help boost the UK’s resilience to cyber attacks, following a rise in incidents targeting national infrastructure around the world.
The Department for Digital, Culture, Media and Sport (DCMS) has unveiled plans to bolster security standards across the country, including improving the way firms report cyber security incidents and setting new qualification standards for those working in the sector to ensure they’re properly equipped to do their jobs.
The plans come in response to a number of recent high-profile cyber incidents, including the SolarWinds and Microsoft Exchange Server attacks, which exploited vulnerabilities in third-party products to impact thousands of businesses around the world.
Under its proposals, the Government said it wants to update the Network and Information Systems (NIS) Regulations, which came into force in 2018 to improve the cyber security of companies that provide essential services such as water, energy, transport and healthcare by requiring them to put in place effective security measures.
The new laws would widen the regulations to include more third-party digital services, while the Government has also proposed requiring large firms to provide better cyber incident reports to regulators – including making it a requirement to notify them of any cyber attack they suffer, not just those which impact their services.
“Cyber attacks are often made possible because criminals and hostile states cynically exploit vulnerabilities in businesses’ digital supply chains and outsourced IT services that could be fixed or patched,” media, data and digital infrastructure minister, Julia Lopez, said.
“The plans we are announcing today will help protect essential services and our wider economy from cyber threats.
“Every UK organisation must take their cyber resilience seriously as we strive to grow, innovate and protect people online.
“It is not an optional extra.”