It looks likely that the UK will join a growing number of nations promoting the importance of cybersecurity for businesses, including through new legislation. Amongst the proposals being considered is giving new powers to the UK Cyber Security Council, which could significantly change the reporting requirements associated with security incidents. From what has been shared to date, two points stand out:

  • More firms providing essential digital services should follow strict cyber security duties, with large fines for non-compliance.
  • Other legislative proposals include improved incident reporting and driving up standards in the cyber security profession.

It’s reassuring to hear these aspects being highlighted, since they echo related themes: the depth and breadth of security reporting, investing in team members, and security defaults. The eventual introduction of the new legislation, and the subsequent risk of heavy fines for non-compliance, can certainly help to motivate businesses to invest in security. It is also important, though, to consider how you can get ahead of these requirements rather than simply react to legal pressure once they are enacted into law.

Getting Ahead of the Curve with the Right Team

When proposals that carry the weight of law are announced, I tend to suggest treating this as the perfect opportunity to start planning immediately for the potential implications. Many projects become deprioritized, and a cybersecurity initiative that depends on investment in new tooling and upskilling staff is no small undertaking. This is especially true when it is set against the deadline of new legislation.

With that in mind, where should a business start? A sensible place would be to begin by examining your cybersecurity team. With the right expertise in place, you can make sound investments and start building the processes that will help you comply with …