The UK government has told business leaders to “strengthen” their defenses against cyber-attacks and prioritize the threat as a major business risk alongside financial and legal issues.
This is based on a government study that identified “insufficient board involvement” in organizations’ cybersecurity, with only 30% of companies having “directors or trustees clearly responsible for cybersecurity as part of their job duties.”
A draft code of practice, published on Tuesday, aims to set out “key actions” senior executives and directors should take to strengthen cyber resilience, and is open for feedback from these business leaders until March 19.
Resilience has been a key pillar of the UK Government’s approach to cybersecurity threats for many years. Despite the work put into this approach, cyberattacks appear to be at an all-time high.
According to the latest tranche of security incident trend data from the Information Commissioner’s Office (ICO), there were 874 ransomware attacks against UK organizations in the first three quarters of 2023, a sharp increase compared to 739 recorded in all of 2022.
However, the simple measure of the number of data breaches reported to the ICO due to ransomware attacks does not reflect the more complex impact of cyber-attacks, from impact on productivity to serious psychological harm to victims.
The increase in attack volume is believed to be driven, at least in part, by the success of the ransomware-as-a-service ecosystem, which has lowered the bar for criminals to engage in destructive attacks.
One of the key aspects of the new code of practice is to ensure that businesses “develop detailed plans to respond to and recover from potential cyber incidents.”
UK officials have emphasized the importance of recovering from incidents and ensuring that organizations have sufficient defenses to prevent them from occurring.
The government said on Tuesday that the code of practice is ultimately voluntary and will not be placed on a legal basis, but it “supports and is consistent with a number of existing regulatory obligations”.
Business leaders told the government they found the regulatory environment “complex and difficult to navigate.”
Key regulations, the General Data Protection Regulation (GDPR) and the Network and Information Systems (NIS) Regulations, continue to change. The UK GDPR is currently being changed by the Data Protection and Digital Information Bill. However, the nature of the changes is subject to parliamentary scrutiny.
Meanwhile, the update to the NIS regulations, which the government had promised to bring forward, was left out of last year’s King’s Speech, meaning the government missed its last chance to actually update the law before the general election.