New laws proposed to boost UK cyber resilience

The UK government has proposed wide-ranging new laws aimed at strengthening the country’s cyber resilience. The move comes after a rise in incidents targeting national infrastructure around the world.

Among the measures outlined are improvements in the way organisations report cyber security incidents, and new laws to drive up security standards in outsourced IT services used by almost all UK businesses.

The government says that the UK Cyber Security Council also needs powers to raise the bar and create a set of agreed qualifications and certifications so those working in cyber security can prove they are properly equipped to protect businesses online.

The plans follow recent high-profile cyber incidents, such as the cyber attacks on SolarWinds and on Microsoft Exchange Servers, which showed that vulnerabilities in the third-party products and services used by businesses can be exploited by cybercriminals and hostile states, simultaneously affecting hundreds of thousands of organisations. They also follow an increase in ransomware threats to organisations, including some in critical national infrastructure, such as the Colonial Pipeline attack in the US.

Media, data, and digital infrastructure minister, Julia Lopez, said: “Cyber attacks are often made possible because criminals and hostile states cynically exploit vulnerabilities in businesses’ digital supply chains and outsourced IT services that could be fixed or patched.

“The plans we are announcing will help protect essential services and our wider economy from cyber threats. Every UK organisation must take their cyber resilience seriously as we strive to grow, innovate and protect people online. It is not an optional extra.”

Research by the Department for Digital, Culture, Media and Sport shows only 12% of organisations review the cyber security risks coming from their immediate suppliers and only one in twenty firms (5%) address the vulnerabilities in their wider supply chain.

The consultation period is open until 10 April 2022 with stakeholders invited to submit their responses to the proposals.
