The British government believes that the business sector is negligent in cybersecurity

Brother

Regulators have developed a code with rules to protect companies. But you don't have to follow them...

The British government has called on CEOs of large companies to "be more assertive" in protecting themselves from cyber attacks and consider this threat as a key business risk, comparable to financial and legal problems.

The call followed the results of a study that found "insufficient involvement of directors" in the cybersecurity issues of their organizations. Only 30% of the companies surveyed have members on the board of directors who are clearly responsible for information security as part of their job responsibilities.

On Tuesday, a draft Code of Practice was published with instructions for top managers and directors to strengthen cyber resilience. The Government is waiting for their feedback on the proposed practices until March 19.

Despite years of effort, cyberattacks in the UK have already reached record levels. According to the latest figures from the Information Commissioner's Office, there were 874 ransomware attacks on UK businesses in the first three quarters of 2023 - a sharp increase from 739 incidents in the whole of 2022.

However, data breach statistics do not reflect the full extent of the consequences of cyber attacks, which include losses for business and psychological harm to staff.

The increase in incidents is partly due to the development of the ransomware-as-a-service model, which makes it easier for novice criminals to get started.

One of the key points of the Code is the requirement to prepare detailed plans for responding to cyber attacks and then restoring systems. British officials have repeatedly stressed that it is important not only to defend against attacks, but also to be able to quickly eliminate their consequences.

Recovery plans should be developed in addition to strong security features. This will allow companies to effectively counteract cyber threats.

On Tuesday, the government said that the Guidelines will be advisory in nature and will not be enshrined in law, although they support a number of existing regulatory norms. The business community has already complained to the authorities about the complexity of the current rules in this area.

Key cybersecurity laws, the GDPR and NIS, continue to change. In particular, the British GDPR is planned to be reformed as part of the new Data Protection Law. The nature of the amendments is still being discussed in Parliament.

The previously promised amendment to NIS was removed from the Government's latest legislative program. It was supposed to tighten this law, but it is unlikely that it will be possible to make changes before the next election.