On April 1, the United Kingdom Government gave a clearer idea of how it intends to strengthen the nation's online defences and better protect essential services and businesses. Notably, it described the scope of the forthcoming Cyber Security and Resilience Bill, offering the first real look at what the legislation will cover before its formal presentation at the end of this year.
For the government, it is a necessary step to take in the context of a growing wave of threats facing the United Kingdom's critical national infrastructure (CNI).
Figures from Thales's 2024 Data Threat Report show that 93 percent of CNI organizations experienced an increase in cyber attacks last year, with 42 percent suffering a data breach. In addition, according to its latest annual review, the National Cyber Security Centre (NCSC) was involved in 430 incidents, compared to 371 in 2023.
These are alarming figures, particularly when considering the broad impacts that attacks may have.
In May 2024, payroll data of approximately 270,000 members of Great Britain's Armed Forces was exposed to Chinese hackers after a breach that involved a third-party contractor. A month later, a ransomware attack against an NHS provider led to the postponement of around 10,000 appointments and 1,693 procedures in two hospitals. In addition, in September, Transport for London (TfL) was forced to suspend multiple services in London after the details of 5,000 customers were accessed.
The purpose of the new Cyber Security and Resilience Bill
In describing the scope of the new Cyber Security and Resilience Bill, the United Kingdom Government's statement is clear: with the United Kingdom's digital economy increasingly attacked by cybercriminals and hostile states, impacting essential services and infrastructure, it must become a national priority.
The new bill aims to move the dial in this direction, updating the United Kingdom's legacy frameworks, addressing the gaps in current regulation and ensuring that all relevant entities are within the scope of the rules.
Crucially, it won't only apply to critical national infrastructure (CNI) organizations. In fact, the Government has confirmed that 1,000 service providers will fall into the scope of the measures.
This is a logical evolution. In the current hyperconnected environment, attackers focus more and more on exploiting the networks of suppliers and partners. In fact, in the three major attacks that took place between May and September 2024, it was third-party partners who were compromised first.
In essence, supply chain breaches have become digital back doors that threat actors are using to infiltrate CNI. By targeting companies closely linked to CNI, many of which have tighter budgets and fewer cyber security resources, attackers can exploit the weakest link in the chain with devastating effect.
Recognizing this, the Government has confirmed that the new bill will aim to harden supply chains and extend protections across critical services, including IT service providers and other essential suppliers. Specifically, it said that the bill will:
- Expand the regulatory remit to protect more digital services and supply chains
- Empower regulators to ensure that essential cyber security measures are implemented
- Require increased incident reporting to give the government better data on cyber attacks and improve its understanding of threats
Ensure proactive alignment with ISO 27001
With the new bill set to bring more entities into the scope of the regulatory framework and introduce new requirements, many SMEs will be keen to understand exactly what they must do to comply in future.
While the details of the bill will not be confirmed until later in the year, that should not prevent organizations from preparing. The question is, how can companies prepare without knowing exactly what will be asked of them?
The answer lies in a change in mindset. Instead of treating compliance as a stop-start exercise, reacting to each new piece of legislation as it is introduced, digital service providers and CNI suppliers should think about making proactive and continuous improvements to their security and risk management strategies.
Here, following the proven guidance of internationally recognized security standards, such as ISO 27001, can be a logical place to begin. Offering frameworks for the implementation and management of information security management systems, it provides a blueprint for success that companies can take advantage of, instead of having to build their own strategy from scratch.
While it is likely that the adoption of key international standards such as these will help organizations to align with the forthcoming Cyber Security and Resilience Bill, those that adopt them also benefit in several other ways.
By achieving ISO 27001 certification, organizations can demonstrate that they follow security best practices, which in turn can build confidence among partners and customers. In addition, these best practices can improve internal alignment by clearly defining overall objectives and departmental responsibilities, whether for legal, security, governance or technical teams.
In today's fast-moving regulatory environment, new requirements and demands continue to emerge, including the forthcoming Cyber Security and Resilience Bill. Building a centralized strategy based on standards can significantly streamline compliance efforts.
As CNI’s threats continue to grow, and the regulatory landscape continues to harden, those who proactively adopt best practices from the beginning will be much better located to fulfill not only the fulfillment of compliance, but to maintain streaters funds, effective funds to combine funds.
The requirements of the Cyber Security and Resilience Bill have not been confirmed. But the capacity of companies to build proactive strategies that achieve compliance by design is clearer than ever.
Sam Peters is Director of Products of In collaboration with