Consultation opens debate on proposed U.K. cyber governance code
Cybercrime is regularly cited as a leading concern for executives, yet board oversight of cyber risks is often inadequate and governance poorly understood, according to the authors of a proposed U.K. code of practice on cybersecurity governance.
On Jan. 23, the U.K.’s Department for Science, Innovation, and Technology opened a consultation to gather views on the code, which is intended to make cyber governance accessible for senior management and elevate cyber risk to the status of other core business risks, such as finance.
The code emphasizes the importance of embedding cyber resilience in organizational strategy and integrating it across all business processes. This should include an effective cyberattack response and recovery plan. Responsibilities for cybersecurity should be allocated to named individuals, and plans should be tested regularly. There should be a formal system for reporting cyber incidents, plus cyber training for all employees.