The government has updated its cybersecurity guidance for businesses, with the cybersecurity minister describing the threat facing UK companies from criminal gangs as “quite alarming”.
The cyber-governance code of practice calls on company directors to better prepare for breaches of cybersecurity and provides guidance on how businesses can protect their operations.
Feryal Clark, the minister for AI and digital government, said: “The significance of this code is making sure that people at the board level, directors and board members are aware and are taking responsibility for those risks.”
• Weekly cyberattacks on UK by pro-Russian and pro-Palestinian hackers
Richard Horne, chief executive of the National Cyber Security Centre (NCSC), which helped to create the code, added: “Cybersecurity needs to be seen as a business risk rather than an IT risk.”
The guidance comes as GCHQ, the country’s intelligence, security and cyber agency, has warned that an alliance of pro-Russian and pro-Palestinian hackers are launching cyberattacks every week against British organisations and state agencies.
The code offers access to digital training modules delivered by NCSC in addition to existing training courses on cyber-essentials. It has been drawn up in consultation with business groups such as the Institute of Directors.
Clark told The Times: “Businesses do recognise that cyber is a big risk, but it’s what they are doing to mitigate those risks, who is aware and at what level these decisions are being made.”
Horne described the threat to businesses as “particularly pertinent”. “We are seeing a more unstable world where the possibility of ransomware attacks or activist attacks is becoming more real and we are seeing organisations become more and more technology dependent.”
He added: “Most businesses recognise cybersecurity as one of their main risks, but yet there’s not a consistent approach or transparency or visibility around how organisations go about governing that risk.”
Erin Young, head of innovation and technology policy at the Institute of Directors, welcomed the code: “With cyberattacks becoming more frequent, harmful and costly, cyber resilience is now a crucial boardroom responsibility. [The code] provides practical guidance for boards and directors to effectively govern cyber risk and safeguard future growth.”
Peter Kyle, the science, innovation and technology secretary, said last week that the government planned to legislate later this year to further bolster the UK’s cybersecurity. The legislation includes the power to levy hefty fines on providers such as data centres for breaches of the rules. Clark said: “As a government, we are taking cybersecurity incredibly seriously at every level.”
