Government announces new Bill to strengthen the UK's cyber security and resilience


In yesterday’s King’s Speech, the Cyber Security & Resilience Bill was one of two specific pieces of legislation focussing on the technology sector that were announced. Its purpose is to strengthen the UK’s cyber defences and to ensure that critical infrastructure and the digital services that companies rely on are secure.

The Bill is an important step forward in addressing the growing number of attacks on the UK’s digital economy by cyber criminals and state actors, attacks that are affecting public services and infrastructure. In recent months these have included attacks on our health services, local authorities, government departments, universities and democratic institutions, many of which have had severe impacts. The ransomware attack in June on the NHS in England, for example, resulted in the postponement of elective procedures and outpatient appointments at King’s College Hospital and Guy’s and St Thomas’ Hospital. There is also a significant risk to the economy: the financial cost of cyber-attacks to the UK was estimated at £27 billion per annum in 2011, and that figure has almost certainly increased since then … With an insecure geopolitical landscape and the unprecedented pace of technological change, the threat only continues to rise.

As outlined in the King’s Speech document, the current cyber security regulations play an essential role in safeguarding the UK’s critical national infrastructure by placing security duties on the industries involved in delivering essential services. The regulations cover five sectors (transport, energy, drinking water, health and digital infrastructure) and some digital services (including online marketplaces, online search engines and cloud computing services). Twelve regulators (competent authorities) are responsible for implementing them.

These regulations have had a positive impact, but progress hasn’t been fast enough and updates are essential in order to keep pace with the threat landscape.

So, what will the Bill do?

The government has announced that:

  • The Bill will strengthen our defences and ensure that more essential digital services than ever before are protected, for example by expanding the remit of the existing regulation, putting regulators on a stronger footing, and increasing reporting requirements to build a better picture in government of cyber threats.
  • The existing UK regulations reflect law inherited from the EU and are the UK’s only cross-sector cyber security legislation. They have now been superseded in the EU and require urgent updating in the UK to ensure that our infrastructure and economy are not left comparatively more vulnerable.
  • The Bill will make crucial updates to the legacy regulatory framework by:
    • Expanding the remit of the regulation to protect more digital services and supply chains, which are an increasingly attractive attack vector. This Bill will fill an immediate gap in our defences and help prevent attacks like those recently experienced by critical public services in the UK, such as the ransomware attack impacting London hospitals.
    • Putting regulators on a strong footing to ensure essential cyber safety measures are being implemented. This would include potential cost recovery mechanisms to provide resources to regulators and providing powers to proactively investigate potential vulnerabilities.
    • Mandating increased incident reporting to give government better data on cyber-attacks, including where a company has been held to ransom – this will improve our understanding of the threats and alert us to potential attacks by expanding the type and nature of incidents that regulated entities must report.

Jill Broom, Programme Manager, Cyber Security at techUK said:

“techUK welcomes the announcement of the Cyber Security & Resilience Bill and the new government’s recognition of the integral role that cyber security has in securing and enabling the critical sectors of our society and economy. Recent high-profile ransomware attacks on the NHS are just one example of the significant impact that cyber-attacks can have on the operation of vital functions as well as on our national security; it is therefore encouraging to see this renewed emphasis on cyber resilience.

techUK and its members have been calling for the current NIS Regulations to be updated in order to keep pace with the ever-evolving threat landscape and harness the benefits that technology can offer. This Bill is an important step forward in prioritising the security of our critical national infrastructure; and we look forward to working with the government to ensure this legislation is fit for purpose and, at the same time, nurtures continued growth and development of innovation in the UK’s thriving cyber sector.”

You can read the full King’s Speech here and techUK’s insight on it here.

Dan Patefield

Head of Cyber and National Security, techUK

Jill Broom

Programme Manager, Cyber Security, techUK

Annie Collings

Programme Manager, Cyber Security and Central Government, techUK

Raya Tsolova

Programme Manager, techUK

Tracy Modha

Team Assistant - Markets, techUK