Could cyber regulation for IT service providers be introduced?
Third party IT service providers could be required to follow new cyber security rules such as the National Cyber Security Centre’s Cyber Assessment Framework as part of new proposals to help businesses manage the growing cyber threat.
A consultation by the Department for Digital, Culture, Media and Sport (DCMS) looked into the security of digital supply chains and third party IT services with a view to legislating cyber security improvements. One potential option is create a mandatory standard against which all providers of cyber security services are measured and monitored.
The UK’s largest conveyancer, Simplify, has been hit by a cyber security attack in the last week, significantly impacting its operations. It has not yet revealed details of the attack and is still working to rectify the issue nearly 2 weeks later.
An increasing number of chairs, CEOs and directors of Britain’s top companies see cyber threats as a high or very high risk to their business, with a 7% increase from 84% to 91% in the last 12 months. But nearly a third of organisations are not taking action on supply chain cyber security, with only 69 per cent saying their organisation actively manages supply chain cyber risks.
Minister for Media, Data and Digital Infrastructure, Julia Lopez, said the government’s National Cyber Security Centre (NCSC) offers a range of cyber security support and advice on identifying business-wide risks and vulnerabilities including supply chain management, while also endorsing the Cyber Essentials scheme.
“As more and more organisations do business online and use a range of IT services to power their services, we must make sure their networks and technology are secure.”
“We are taking the next steps in our mission to help firms strengthen their cyber security and encouraging firms across the UK to follow the advice and guidance from the National Cyber Security Centre to secure their businesses’ digital footprint and protect their sensitive data.”
“There is industry support for developing new or updated legislation, with 82 per cent of respondents agreeing legislation could be an effective or a somewhat effective solution.”
“The government will now develop more detailed policy proposals and it is currently carrying out a review of the laws and measures which encourage firms to improve their cyber security and will launch a new national cyber strategy later this year.”