Does the UK need to improve IT security standards?

The UK Government has started a consultation on new measures to boost British businesses’ cyber security after recent high-profile attacks.

The UK Government has said new laws are needed to drive up security standards in outsourced IT services used by almost all UK businesses.

Other government proposals include changing the way organisations report cyber security incidents and reforming legislation so that it is more flexible and can react to the speed of technological change.

Minister of State for Media, Data, and Digital Infrastructure, Julia Lopez, said: “Cyber attacks are often made possible because criminals and hostile states cynically exploit vulnerabilities in businesses’ digital supply chains and outsourced IT services that could be fixed or patched. The plans we are announcing today will help protect essential services and our wider economy from cyber threats.

“Every UK organisation must take their cyber resilience seriously as we strive to grow, innovate and protect people online. It is not an optional extra.”

 

Improving the cyber security of companies providing essential services

Research by the Department for Digital, Culture, Media and Sport shows only 12% of organisations review the cyber security risks coming from their immediate suppliers and only one in twenty firms (5%) address the vulnerabilities in their wider supply chain.

In order to improve the cyber security of companies that provide essential services such as water, energy, transport, healthcare, and digital infrastructure, the Network and Information Systems (NIS) Regulations came into force in 2018.  

The government now wants to update the NIS Regulations and widen the list of companies in scope to include Managed Service Providers (MSPs), which provide specialised online and digital services such as security services, workplace services and IT outsourcing. It has launched a consultation on amending the NIS Regulations, which includes proposals to:

  • Expand the scope of the NIS Regulations to include managed services. These are typically provided by companies which manage IT services on behalf of other organisations.
  • Require large companies to provide better cyber incident reporting to regulators such as Ofcom, Ofgem and the ICO.
  • Give the government the ability to future-proof the NIS Regulations by updating them and, if necessary, bringing into scope in the future more organisations which provide critical support to essential services.

 

Providing the UK Cyber Security Council with new abilities 

In March 2021, the government established and funded the UK Cyber Security Council, a new independent body to lead the cyber workforce.

New proposals would give the council the ability to define and recognise cyber job titles and link them to existing qualifications and certifications. People would have to meet competency standards set by the council before they could utilise a specific job title across the range of specialisms in cyber security.

This in turn would make it easier for employers to identify the specific cyber skills they need in their organisations and create clearer information on career pathways for young people as well as existing practitioners, without providing unnecessary barriers to entry and progression.

Simon Hepburn, CEO at UK Cyber Security Council, said: “The UK Cyber Security Council is delighted that these proposals recognise our cyber workforce lead role that will help to define and recognise cyber job roles and map them to existing certifications and qualifications.

“We look forward to being involved in and contributing to this important government consultation and would encourage all key stakeholders to participate too.”

 
