Business leaders are being given new guidance on how to boost cyber resilience as the government urges firms to consider cyber threats as a key business risk in the same way as financial or legal challenges.
The draft code of practice on cyber security has been published in partnership with industry experts and the UK’s National Cyber Security Centre (NCSC) and is aimed at executive and non-executive directors.
The code will advise senior leaders to make cyber security issues a key focus for their business and recommends setting out clear roles and responsibilities across an organisation, boosting protection for customers and protecting the firm’s own ability to operate safely and securely.
The NCSC has repeatedly warned of the ongoing cyber threat to the UK, particularly from ransomware attacks, where hackers gain access to a user’s system and either steal or block access to data and demand a ransom payment in order to release it.
The new code suggests firms should have detailed plans in place to respond to and recover from any potential cyber incidents, regular testing in such plans and formal systems for reporting incidents.
The code also encourages firms to improve the cyber skills and awareness of their employees where possible.
“Cyber attacks are as damaging to organisations as financial and legal pitfalls, so it’s crucial that bosses and directors take a firm grip of their organisation’s cyber security regimes, protecting their customers, workforce, business operations and our wider economy,” minister for AI and intellectual property, Viscount Camrose, said.
“This new code will help them take the lead in safely navigating potential cyber threats, ensuring businesses across the country can take full advantage of the emerging technologies which are revolutionising how we work. It is vital the people at the heart of this issue take the lead in shaping how we can improve cyber security in every part of our economy, which is why we want to see industry and business professionals from all walks coming forward to share their views.”
In addition to publishing the code, the government has asked businesses to share their opinions on it, to help improve the future deliver of cyber security guidance in the UK.
NCSC chief executive Lindy Cameron said: “Cyber security is no longer a niche subject or just the responsibility of the IT department, so it is vital that CEOs and directors understand the risks to their organisation and how to mitigate potential threats.
“This new cyber governance code of practice will help ensure cyber resilience is put at the top of the agenda for organisations and I’d encourage all directors, non-executive directors, and senior leaders to share their views.
“Senior leaders can also access the NCSC’s cyber security board toolkit, which provides practical guidance on how to implement the actions outlined in the code, to ensure effective management of cyber risks.”