As part of the 2016-2021 National Cyber Security Strategy, the Government created the National Cyber Security Centre (NCSC) to be the authority on the UK’s cyber security environment, sharing knowledge, addressing systemic vulnerabilities and providing leadership on key national cyber security issues.
The NCSC’s work includes publishing practical security guidance, such as 10 Steps to Cyber Security, which provides a sound basis for any business to take informed cyber security decisions and actions that are right for their organisation. For smaller businesses, NCSC’s Small Business Guide sets out easy, low-cost steps to help protect data, assets and reputation. Businesses may also join the Cyber Information Sharing Partnership (CiSP), a joint industry and government initiative to exchange cyber threat information. The NCSC also manages the Cyber Essentials certification scheme, which helps any business demonstrate to their customers that they have taken basic steps to protect their business from a whole range of the most common cyber attacks.
In addition, the Government recently introduced the following legislation to encourage good practice in cyber security for businesses:
Data Protection Act 2018 — requires organisations to have appropriate technical and organisational cyber security measures in place to protect personal data
Network and Information Systems Regulations 2018 (known as the “NIS Directive”) — places legal obligations on a) providers of essential services and b) digital service providers to improve their cyber security