Directors and company boards are being urged to shore up their cyber defences using new guidance published today, in a bid to protect their organisations from the growing tide of online threats.
A new Code of Practice launched by the Cyber Security Minister today (8 April) sets out how business leaders can protect their day-to-day operations and secure future growth for the British economy - the engine driving the government’s Plan for Change.
One of the actions is having a cyber strategy in place to ensure cyber risk management effectively supports business resilience and growth. Other key actions include promoting a cyber secure culture so employees at all levels know what to look out for, and putting incident response plans in place, allowing organisations to quickly respond to incidents when they occur.
The Code has received backing from across UK industry with organisations including the Institute of Directors, EY and Wavestone welcoming the launch.
Cyber attacks have become increasingly common, with 74% of large businesses and 70% of medium-sized firms experiencing attacks and breaches in the past year. Cyber threats cost the UK economy almost £22 billion a year between 2015 and 2019, with significant knock-on effects to daily operations and an organisation’s long-term reputation.
With a third of large businesses lacking a formal cyber strategy and nearly half of medium firms operating without an incident response plan, the Code provides the direction leaders need to take control of their cyber risk.
Cyber Security Minister Feryal Clark said:
A successful cyber attack doesn’t just have the potential to grind operations to a halt – it could drain millions from the bottom line.
If we want to drive the economic growth which is fundamental to our Plan for Change, then we need to stand side-by-side with British business leaders as they face down that threat.
Our new Cyber Governance Code of Practice does exactly that – setting out in clear terms steps organisations should take to safeguard their day-to-day operations, while also securing the livelihoods of their workers and protecting their customers.
NCSC CEO Richard Horne said:
In today’s digital world, where organisations increasingly rely on data and technology, cyber security is not just an IT concern – it is a business-critical risk, on a par with financial and legal challenges.
From my experience working alongside senior leaders across both private and public sectors, I’ve seen first-hand how robust cyber governance is essential to drive resilience, support growth, and help to ensure long-term success.
I urge all board members to engage with the new Cyber Governance resources unveiled today and make cyber security an integral part of their governance. Cyber security is a leadership imperative.
The Cyber Governance Code of Practice is the foundation of this new support package. Developed in partnership with the National Cyber Security Centre and industry leaders, it sets out key actions boards should take to strengthen accountability and reduce risk. It’s supported by online training to help implement the Code, and a detailed Board Toolkit with further practical guidance. This will arm businesses with confidence in the tools they deploy to protect themselves online, safeguarding their businesses, their workers, and their customers.
This package, also produced in collaboration with Non-Executive Directors, ensures boards have practical, relevant resources to deepen their understanding and effectively govern cyber risks.
Small businesses looking to strengthen their online defences are encouraged to engage with the NCSC’s Small Business Guide, which provides quick and easy actions to help bolster their defences, and with support through the Cyber Local scheme, which provides tailored funding to boost regional cyber skills.
Cyber security has become a central part of the government’s plans to secure the digital services which drive growth across the country to deliver on its Plan for Change.
Just last week, the Technology Secretary set out his ambition for cyber security legislation which will be introduced to Parliament later this year - a set of proposals which will protect the UK’s supply chains, critical national services, and IT service providers and suppliers. As part of the new measures, hospitals and energy suppliers are set to boost their cyber defences, protecting public services and safeguarding growth.