UK Government Proposes New Cybersecurity Laws

The UK government proposed new laws for cybersecurity last week to increase security standards in outsourced IT services. 

“New laws are required in order to increase security standards in outsourced IT services,” says the UK government. Moreover, the issued proposals include guidance for organisations on how to report cybersecurity incidents. 

The proposed laws aim to cope with the pace as technology advances and increases flexibility. Furthermore, the UK Cyber Security Council has been advised to create a standard for qualifications and certifications required from people working in cybersecurity. This will help them prove their efficacy to protect businesses in the digital space. 

Following the cyberattacks on SolarWind and Microsoft Exchange Servers, these plans were issued in order to overcome the vulnerabilities in vendor services. Only 12% of the organisations actually review the cybersecurity risks immediate suppliers pose on the company, says the report by the Department for Digital, Culture, Media and Sport. On the contrary, only 5% of companies address the loopholes in the wider supply chain. 

New cyber attack laws proposed by UK Govt https://t.co/gBwNk0DKAV #fintech

— Finextra (@Finextra) January 21, 2022

Minister of State for media, data, and digital, Julia Lopez said, “The plans we are announcing today will help protect essential services and our wider economy from cyber threats. Every UK organisation must take their cyber resilience seriously as we strive to grow, innovate and protect people online. It is not an optional extra.”

The proposal rolled out by the UK government states that:

• Expand the scope of NIS Regulations that are typically provided by organisations that manage IT services. 
• Large companies must provide better cyber incident reporting to law making bodies along with a requirement to notify regulators about the cyber attacks the organisation suffers. 

NCSC Technical Director Dr Ian Levy, said: “I welcome these proposed updates to the NIS regulations, which will help to enhance the UK’s overall cyber security resilience. These measures will ensure that cyber security risks are properly managed by organisations and those on whom they rely.”

Suggested Read: Global Identity Fraud Report 2020 – Shufti