If the UK Government gets its way, IT service vendors and other cloud-based service providers may soon be required to adopt new measures to strengthen their cybersecurity, amid rising concerns about supply chain risks.

The Department for Digital, Culture, Media and Sport (DCMS) has floated plans to make mandatory compliance with the National Cyber Security Centre’s Cyber Assessment Framework, which provides guidance for organisations responsible for vitally important services and activities.

In a press release, the government department claimed that businesses recognise that cybersecurity is a priority, but that “action lags behind”.

That damning assessment of the state of security, comes as newly published research reveals that the majority of Britain’s top business bosses (91 per cent, up from 84 per cent in 2020) see cyber threats as “a high or very high risk to their business”, but nearly a third of leading firms admitting that they are not taking action on supply chain cyber security, with only 69 per cent saying their organisation actively manages cyber-related supply chain risks.

This week the UK government responded publicly to the findings:

“…the Government recognises the close interaction and the frequent business model overlaps between digital technology providers such as managed service providers, cloud service providers and some software vendors. All of these types of suppliers are endemic third party providers of digital technology services and are an indispensable part of UK and global supply chains. The government therefore agrees that any future policy should consider this broader range of digital technology providers, moving away from an exclusive focus on managed services.”

“As more and more organisations do business online and use a range of IT services to power their services, we must make sure their networks and technology are secure,” said Digital infrastructure minister Julia Lopez. “Today (Read more...)