To ask Her Majesty's Government what guidance and support they provide to businesses in relation to cyber security; and whether they intend to introduce systems for businesses to assess the adequacy of (1) their protection against cyber threats, and (2) their cyber security skills.
The National Cyber Security Centre (NCSC) was created in 2016 as part of the Government's five-year, £1.9 billion National Cyber Security Strategy and provides guidance and support to businesses and public sector organisations on all matters relating to cyber security. This includes the Small Business Guide, a Response and Recovery guide, a toolkit for Boards and an "Exercise In a Box" to help organisations assess their cyber resilience. Through the Cyber Essentials Scheme, companies are already able to assess whether they have put in place security measures to protect themselves against the majority of untargeted cyber attacks.
We are undertaking a comprehensive review of the UK’s cyber regulatory and incentives landscape. This builds on our last review in 2016, to understand what has worked well, and where further action is needed to drive the necessary improvements in cyber security behaviours and practices. This will be done with acknowledgement of the broader asks being placed on business as we look to grow and secure the digital economy. It will include consideration of whether and how businesses should be required to assess the adequacy of their cyber security and whether they have the skills they need to manage cyber security risk.