New laws to boost business cyber security

20 January 2022

The Department for Digital, Culture, Media and Sport (DCMS) has unveiled plans to bolster security standards across the UK.

They include improving the way firms report cyber security incidents and setting new qualification standards for those working in the sector to ensure they are properly equipped should the worst happen. The proposed new laws follow a rise in incidents targeting national infrastructure around the world. They are a response to a number of recent high-profile cyber incidents, including the SolarWinds and Microsoft Exchange Server attacks, which exploited vulnerabilities in third-party products used by businesses and affected thousands of organisations around the world.

Under its proposals, the government said it wants to update the Network and Information Systems (NIS) Regulations, which came into force in 2018 to improve the cyber security of companies that provide essential services such as water, energy, transport and healthcare by requiring them to put in place effective security measures.

Furthermore, the new laws would widen the regulations to include more third-party digital services, while the government has also proposed requiring large firms to provide better cyber incident reports to regulators. This includes making it a requirement to notify them of any cyberattack they suffer, not just those which impact their services.