Bringing cyber security up to Code

In the face of constantly evolving cyber threats, directors and company boards are being urged to shore up their cyber defences using the government's new Cyber Governance Code of Practice. The Code sets out how business leaders can protect their day-to-day operations and secure future growth.

It recommends a series of key actions to promote cyber risk management and a cyber secure culture, as well as providing advice on incident response plans. Here we take a look at why the Code is needed and how it can help businesses.

Increasingly common attacks

Cyber-attacks have become increasingly common, with 74% of large businesses and 70% of medium-sized firms experiencing attacks and breaches in the past year, according to government data. Cyber threats cost the UK economy billions, with significant knock-on effects on daily operations and an organisation's long-term reputation.

A third of large businesses lack a formal cyber strategy and nearly half of medium firms operate without an incident response plan, the government says.

In addition, changes to working environments have created more IT challenges for businesses. Research by the British Chambers of Commerce (BCC) shows that more than half of firms believed working from home left their computer systems more exposed.

The BCC says there is an urgent need to tackle the current shortage of cyber security professionals, with a digital safety skills gap facing over half a million businesses.

Key actions

The Cyber Governance Code of Practice has been developed in partnership with the National Cyber Security Centre (NCSC) and industry leaders and sets out key actions boards should take to strengthen accountability and reduce risk.

To help implement the Code, online training is available, along with a detailed Board Toolkit with further practical guidance. The government says this will arm businesses with confidence in the tools they deploy to protect themselves online, safeguarding their businesses, their workers and their customers.

This package, also produced in collaboration with Non-Executive Directors, ensures boards have practical and relevant resources to deepen their understanding and effectively govern cyber risks.

Online defences

Small businesses looking to strengthen their online defences are encouraged to engage with the NCSC's Small Business Guide, which provides quick and easy actions to help bolster their defences, and with the support available through the Cyber Local scheme, which provides tailored funding to boost regional cyber skills.

Collaborative approach

The Code was created in conjunction with businesses and business groups, including members of the Institute of Directors (IoD), who advised on the Code through panel discussions and a series of consultative workshops.

Dr. Erin Young, Head of Innovation and Technology Policy at the IoD, said: 'With cyber-attacks becoming more frequent, harmful and costly, cyber resilience is now a crucial boardroom responsibility. The new Cyber Governance Code of Practice provides practical guidance for boards and directors to effectively govern cyber risk and safeguard future growth.

'We welcome the collaborative approach from government to strengthening national cyber security and encourage all our members and the wider UK business community to engage with these new resources.'

Crucial for all

The Information Commissioner's Office (ICO) also welcomed the introduction of the Code.

John Edwards, UK Information Commissioner at the ICO, said: 'With cyber incidents increasing across all sectors, it is crucial for organisations and businesses to take a proactive approach to cyber security governance, including putting the appropriate security measures and training in place to protect people's data while boosting innovation.

'We welcome the new Cyber Governance Code of Practice and would encourage organisations to prioritise the digital safety of their assets and, ultimately, their reputation.'

How we can help

IT infrastructure and cyber security measures may require significant investment. Please contact us if you require help or advice.

© 2025 Stein Richards. All rights reserved.

Stein Richards Limited registered to carry on audit work in the UK and regulated for a range of investment business activities by the Institute of Chartered Accountants in England and Wales. Stein Richards, 10 London Mews, Paddington, London W2 1HY