Following their landslide victory in the General Election on July 4th, the new Labour government made waves by announcing an ambitious 40 new bills during the King’s Speech on July 17th. Among these bills was the Cyber Security and Resilience Bill.

The Cyber Security and Resilience Bill (the Bill) was already making its way through Parliament but was halted before the General Election was called. While the extent to which the new Labour bill will differ from the Conservative version remains unclear, the Government’s background briefing notes offer some insight.

Context and Purpose of the Bill

This Bill has been introduced in the wake of recent severe cyber attacks on the NHS and Ministry of Defence. It aims to improve protection for essential public services against cyber criminals and state actors. The Government notes that this protection is crucial for stimulating growth by ensuring that the country’s critical digital infrastructure and services used by companies are secure. Essentially, the Bill updates existing regulations initially introduced by the EU, which have since been superseded in the EU but not in the UK following Brexit.

Key Provisions of the Bill

According to the Government’s briefing notes, the Bill will strengthen existing regulations by expanding their remit to protect a wider range of digital services and supply chains. Key provisions include:

  • Enhanced Regulatory Powers: The Bill will empower regulators to ensure crucial cyber safety measures are in place, including cost recovery mechanisms and proactive investigations of potential vulnerabilities.
  • Increased Incident Reporting: The Bill seeks to mandate increased incident reporting to provide the Government with more data on cyber attacks, aiming to prevent cyber incidents before they occur.
  • Broader Protection Scope: Expanding the remit of regulations to cover a wider range of digital services and supply chains.

Rationale Behind the Bill

The Government’s briefing notes highlight several critical figures to justify the introduction of this Bill. During a ransomware attack on the NHS in England in June, 3,396 outpatient appointments and 1,255 elective procedures were postponed across King’s College and Guy’s and St Thomas’ Hospitals. Furthermore, in 2011, the cost of cyber attacks to the UK was estimated at £27 billion per annum, a figure likely to have increased since then. Two Post-Implementation Reviews have shown that while the original regulations have been positive, they need to be updated faster and more frequently to keep pace with growing cyber threats. According to the review, just over half of essential service operators had updated or strengthened their policies and processes since the regulations came into effect in 2018.

Getting Prepared

While the details of the Bill’s contents are still emerging, organisations can take proactive steps to prepare. Conducting an independent health check audit against best practices can help identify gaps in current defences. This audit can inform budget allocations for future work and proactive measures to strengthen cyber defences.

Resiliency combines Cyber Security and Business Continuity. A health check on both areas can provide valuable insights. Internal audits often miss broader issues, so an external audit offers the necessary independence.

If you would like AJC to assist you with a health check of your defences, please get in contact. Preparing now can help you stay ahead of new regulations and enhance your organisation’s resilience against cyber threats.

Please contact us on 020 7101 4861 if you think we can help.

 

Image accreditation: Prime Minister’s Office of the United Kingdom (July 2024) from Wikimedia Commons. Last accessed on 23.07.2024. Available at: https://commons.wikimedia.org/wiki/File:King_Charles_III_delivered_a_speech_to_the_Parliament_(2024).png
