ICAEW.com works better with JavaScript enabled.

Code urges businesses to beef up cyber resilience

Author: ICAEW Insights

Published: 13 Feb 2024

Cyber threats should be prioritised as a key business risk just like financial and legal challenges, the government says, as it seeks feedback on draft guidelines to help business leaders boost cyber resilience.

A draft Code of Practice on cyber security governance aims to help directors and senior leaders shore up their defences from cyber threats.

Aimed at executive and non-executive directors and other senior leaders, the Code outlines a series of actions across areas including risk management, cyber strategy and oversight and assurance to help businesses put cyber risks on an equal footing with other threats, such as financial and legal pitfalls. 

Designed in partnership with industry directors, cyber and governance experts and the National Cyber Security Centre (NCSC), the Code recommends that directors set out clear roles and responsibilities across their organisations, boosting protections for customers and safeguarding their ability to operate safely and securely.

It calls on companies to have detailed plans in place as a foundation to responding to and recovering from any potential cyber incidents. The plan should be regularly tested and organisations should also have in place a formal system for reporting incidents. Companies are also encouraged to equip employees with adequate skills and awareness of cyber issues. 

Viscount Camrose, Minister for AI and Intellectual Property, says: “Cyber attacks are as damaging to organisations as financial and legal pitfalls, so it’s crucial that bosses and directors take a firm grip of their organisation’s cyber security regimes – protecting their customers, workforce, business operations and our wider economy.

“This new Code will help them take the lead in safely navigating potential cyber threats, ensuring businesses across the country can take full advantage of the emerging technologies that are revolutionising how we work.”

Meanwhile, the government has launched a call for views from business leaders with an interest in cyber and governance issues to share their opinions on the draft Code. “It is vital the people at the heart of this issue take the lead in shaping how we can improve cyber security in every part of our economy, which is why we want to see industry and business professionals from all areas coming forward to share their views,” Camrose adds. 

The digital economy offers huge potential benefits to the UK economy. However, it is not without its risks and they must be addressed with practical action and robust safeguards. Almost one in three (32%) firms have suffered a cyber breach or attack in the past year, with a rise in damaging ransomware attacks and malicious actors posing significant threats as they look to take advantage of cyber-security vulnerabilities. 

The government’s Cyber Essentials scheme helps organisations protect against common cyber attacks by demonstrating they have cyber-security controls in place, including effective management of security updates, suitable anti-virus software and good password management to receive a Cyber Essentials certificate. 

In the past year, 38,113 certificates were awarded to organisations, including to two in five of the UK’s largest businesses. Two thirds of businesses that adhere to Cyber Essentials have a formal cyber incident response plan, compared with just 18% of those who don’t follow its guidance, according to the latest Cyber Security Breaches Survey.

Lindy Cameron, National Cyber Security Centre CEO, says: “Cyber security is no longer a niche subject or just the responsibility of the IT department, so it is vital that CEOs and directors understand the risks to their organisation and how to mitigate potential threats.

“Senior leaders can also access the NCSC’s Cyber Security Board Toolkit, which provides practical guidance on how to implement the actions outlined in the Code, to ensure effective management of cyber risks.”

The call for views, which will be open until 19 March 2024, will help ensure the new Code is straightforward to understand and roll out, and will also help to identify any potential barriers organisations could face in bringing it into force. 

The work is part of the government’s £2.6bn National Cyber Strategy to protect and promote the UK online. 

Mike Miller, ICAEW Economic Crime Manager, says: “Cyber-enabled threats present a constantly evolving challenge for organisations of all sizes and for individuals. The wide range of economic and other crimes conducted through cyber means – from mass phishing campaigns to complex, targeted attacks such as ransomware and intellectual property theft – mean that cyber security has to be a key priority for all organisations. 

“We welcome the various tools that have been developed by the NCSC and encourage organisations, from board level down, to raise awareness and implement the measures outlined to best defend against, and respond effectively to, cyber threats.” 

Further resources

Resources
Cyber Security Awareness month 2023
Cyber security awarness

Each year ICAEW marks Global Cyber Security Awareness month with dedicated resources to help you know what to do when a cyber attack happens.

Browse resources
ICAEW Community
Data visualisation on a smartphone
Data Analytics

Helping finance professionals develop the advanced data analytics and visualisation skills needed to succeed in this insight-driven era.

Find out more
Elearning
Finance in a Digital World - support for ICAEW members and students on digital transformation and technology
Finance in a Digital World

ICAEW has worked with Deloitte to develop Finance in a Digital World, a suite of online learning modules to support ICAEW members and students, develop awareness and build understanding of digital technologies and their impact on finance.

Open AddCPD icon

Add Verified CPD Activity

Introducing AddCPD, a new way to record your CPD activities!

Log in to start using the AddCPD tool. Available only to ICAEW members.

Add this page to your CPD activity

Step 1 of 3
Download recorded
Download not recorded

Please download the related document if you wish to add this activity to your record

What time are you claiming for this activity?
Mandatory fields

Add this page to your CPD activity

Step 2 of 3
Mandatory field

Add activity to my record

Step 3 of 3
Mandatory field

Activity added

An error has occurred
Please try again

If the problem persists please contact our helpline on +44 (0)1908 248 250