
UK Government Planning New Cyber Resilience Laws

Last updated: 05 Aug 2024 02:00

The UK government is set to introduce a Cyber Security and Resilience Bill to update the existing regulations in place in the UK, the Network and Information Security (NIS) Regulations 2018.

In a background briefing paper published alongside the King’s Speech in July, the government said the new Bill “will strengthen the UK’s cyber defences, ensure that critical infrastructure and the digital services that companies rely on are secure”.

Cyber risk expert Stuart Davey of law firm Pinsent Masons said news of the proposed new legislation comes amidst “a heightened and evolving threat environment for organisations and as policymakers in other jurisdictions move to strengthen their own cybersecurity frameworks”.

The government said the UK’s regime requires “urgent update… to ensure that our infrastructure and economy is not comparably more vulnerable”.

The new Bill will aim “to protect more digital services and supply chains” and impose additional incident reporting obligations – including in relation to ransomware attacks. Other measures will be put forward to strengthen regulators’ powers.

“The government has identified the heightened and evolving cyber threat facing organisations, citing recent high-profile cyber attacks affecting the NHS and the Ministry of Defence, and its plans to bring forward this new Bill also come hot on the heels of public warnings from the UK National Cyber Security Centre about the cyber capabilities of China and Russia in particular,” Davey said.

Separately, a new report based on data from insurer CFC found that the average monthly cost of implementing a full range of cyber security measures for an SME with 100 staff is £4,962. That equates to an annual spend of £59,566.

For its survey, CFC reviewed a number of cyber security solution costs from a range of third-party providers to calculate the cost to an SME in the UK employing 100 staff.

The company examined the same range of security measures as those currently provided under the insurer’s own cyber insurance policy, including phishing protection, external vulnerability management, external asset discovery, threat intelligence, zero-day vulnerability discovery and a real-time cyber expert service.

“The biggest problem that brokers face when it comes to selling cyber insurance is price,” said Jason Hart, head of proactive insurance at CFC, who added that the average value of a ransomware demand is around £147,044.

CFC said its figures do not include any estimation of the cost to a business of the time required to install, update or manage any technology or software as part of any outsourcing arrangement.
