Listen to this post

On January 23, 2024, the UK government announced that it published a draft Code of Practice on cybersecurity governance (the “Code”). The guidelines in the Code are intended to “help directors and senior leaders shore up their defences from cyber threats.” The Code has been designed in partnership with industry directors, cyber and governance experts, and the UK National Cyber Security Centre (NCSC), with a key focus to ensure that organizations have detailed plans in place to respond to and recover from any potential cyber incidents. While it is acknowledged that “there is no one size fits all approach to governing . . . cyber risk”, there are certain “common fundamental actions” that may be taken. The Code is presented in the form of five overarching principles with relevant actions underneath each principle. The principles are: (i) risk management; (ii) cyber strategy; (iii) people; (iv) incident planning and response; and (v) assurance and oversight.

The government is seeking views on the draft Code from all sectors and invites responses to be provided by March 19, 2024.