Proposal for legislation to improve the UK’s cyber resilience

As part of the £2.6 billion National Cyber Strategy 2022 the government is working to improve the cyber resilience of businesses and organisations across the UK economy.

Recent high-profile cyber attacks, such as the December 2020 SolarWinds supply chain compromise, the May 2021 ransomware attack on the US Colonial Pipeline, and the July 2021 attack on the managed service provider Kaseya demonstrate how malicious actors are able to compromise a country’s national security and disrupt activities in the wider economy and society.

The government is therefore consulting on proposals for legislative changes which would drive up levels of cyber resilience, particularly in organisations which play an important role in the UK economy, like managed IT service providers.

A pre-consultation impact assessment has been provided to support the legislative proposals.

In addition, a separate consultation on Embedding standards and pathways across the cyber profession by 2025 is also being published. This details proposals for how a stronger cyber security profession can support better cyber resilience.

There is further analysis on the need to improve UK cyber resilience in the 2022 Review of Cyber Security Incentives and Regulation which is being published alongside this consultation.