The UK government has invited all UK citizens to provide input on what they believe will be the best way to further encourage businesses to adopt stronger cyber security measures.
The “Call for Evidence”, which was set up today, asks what steps, including incentives and regulations, will encourage leaders of UK organisations to enact more efficient and effective cyber security policies.
In the review’s introduction, the Minister for Digital and Broadband reveals that fewer than half of FTSE 350 firms have a dedicated cyber security budget. This figure is quite shocking considering that in 2018 over a third of UK businesses suffered a cyber breach or attack.
Companies are getting better at assessing their cyber risks and 96% of FTSE 350 firms now have a cyber security strategy in place. But less than half (46%) have a dedicated cyber security budget and only 57% have a cyber incident response plan they test on a regular basis. Over three quarters (77%) of these leading firms furthermore fail to recognise the cyber risk across their diverse supply chains. We need to understand what more can be done to improve and incentivise investment in effective cyber risk management across the UK economy.Matt Warman – Minister for Digital and Broadband: Department for Digital, Culture, Media and Sport
The review aims to bridge the gaps in understanding that exist between the UK government and the organisations that are affected and governed by its policies and interventions with regard to cyber security.
Its primary focus is on “what drives the current commercial case for investment in cyber security”, therefore, input from influential organisations and those that may set market expectations are especially encouraged. Such organisations include (though are not limited to) “membership bodies, consultancies, auditors, insurers, investors, corporate and risk governance bodies, regulators and other regulatory bodies such as professional associations.”
With that all said, anybody is free to give their response, the details for responding can be found on their website here: https://www.gov.uk/government/publications/cyber-security-incentives-regulation-review-call-for-evidence
The review will run from 4th November until 20th December 2019.
As even the UK government tries to understand how to encourage businesses to adopt stricter and more effective cyber security policies, we encourage all our readers to look into Security Awareness Training as one of the most cost-effective methods of reducing their organisation’s cyber risk.
Have a look at our cost calculator, you may be pleasantly surprised at how affordable it really is.