A new Code of Practice launched by the cyber security minister outlines standards for cyber governance for business leaders. The government aims to improve cyber hygiene across the UK as part of its plans to secure economic growth.
The guide recommends that businesses create a cyber strategy that links cyber risk management and business resilience and growth. It also outlines how businesses can create a ‘cyber-secure culture’ so that all employees are able to assess risk and spot scams. It gives details of how to create incident response plans to mitigate the damage when incidents occur.
The government hopes that it will encourage businesses to improve their cyber governance. A third of large businesses lack a formal cyber strategy and nearly half of medium firms operate without an incident response plan.
“A successful cyber attack doesn’t just have the potential to grind operations to a halt – it could drain millions from the bottom line,” says cyber security minister Feryal Clark. “If we want to drive the economic growth that is fundamental to our Plan for Change, then we need to stand side by side with British business leaders as they face down that threat.”
The Cyber Governance Code of Practice is part of a new support package, developed in partnership with the National Cyber Security Centre (NCSC) and industry leaders, including ICAEW. Online training will be available to help implement the Code. A detailed board toolkit will provide further practical guidance.
The government is encouraging small businesses to engage with the NCSC’s Small Business Guide. This provides simple actions to bolster cyber defences and support through the Cyber Local scheme.
Meanwhile, technology secretary Peter Kyle set out his ambition for cyber-security legislation to be introduced to Parliament later this year, with the aim of protecting UK supply chains, critical services and IT service providers.
ICAEW Head of Tech Policy Esther Mallowah says: “Boards and directors recognise the importance of cyber resilience to their organisations’ success but face an ever-evolving challenge in understanding and fulfilling their responsibilities around cyber governance. The Cyber Governance package, published by the UK government, helps to clarify their responsibilities and provides much needed direction on where to focus and what actions to take to govern cyber risk. We’re pleased the government is taking this action to support our members and to improve cyber resilience across the economy and look forward to continuing to work with the Department for Science, Innovation and Technology on the evolution of the code.”
Accounting firm EY also submitted to the government’s consultation on cyber governance. Rick Hemsley, UK Cybersecurity Leader, EY, says: “We are proud to have contributed to the development of the Cyber Governance Code of Practice, drawing on our extensive real-world experience.
“The code will serve as a vital resource for boards and senior leadership teams, providing them with the guidance needed to address cyber resilience. The code emphasises the importance of not only protecting sensitive data, but also ensuring that organisations can respond effectively to incidents when they occur. A strong culture of cyber resilience can help organisations to anticipate, withstand and recover from cyber incidents, ultimately safeguarding their stakeholders and maintaining trust in their operations.”