The UK government is asking businesses to comment on what could be done to improve levels of cyber security in the UK. The government’s research suggests that some businesses still aren’t investing enough in cyber security and it wants to develop policy proposals to tackle this. Comments are sought by 20 December 2019.

The government’s research suggests that over a third of UK businesses suffered a cyber breach or attack in 2018, and that cyber incidents cost the UK economy £27bn annually. And, while 96% of FTSE 350 firms have cyber security strategies in place, only 57% of them regularly test their cyber incident response plans.

The UK’s Department of Digital, Culture, Media and Sport has therefore issued a ‘Call for Evidence’, asking corporates, auditors, investors, insurers and others for their views. This forms part of the government’s National Cyber Security Strategy, which aims to ensure all organisations in the UK are effectively managing their cyber risk.

The DCMS notes that laws like the GDPR and EU cyber security directive aim to increase cyber security – and the UK’s cyber security centre has issued guidance on good cyber security practice – but concludes that more incentives might be needed. It suggests that some businesses continue to see cyber security as an IT-specific issue, rather than something that enables everyday operations and should be treated as a business management challenge.

In particular, the DCMS seeks views on:

  • barriers to effective cyber risk management;
  • commercial barriers and incentives for investing in cyber security;
  • access to the right information for effective cyber risk management; and
  • areas of focus for future policy and regulatory interventions.

If you’d like to discuss how we can help you to manage your cyber risk, please contact us.