Jump to content

UK’s cyber incident reporting law to move forward in 2025


Recommended Posts

  • Author

UK’s cyber incident reporting law to move forward in 2025

UK’s cyber incident reporting law to move forward in 2025

The UK’s new government has teased further details of its proposed Cyber Security and Resilience Bill, confirming that it will contain a clause that mandates centralised incident reporting, including in the event cyber attacks that involve ransomware.

Keir Starmer’s incoming administration first brought forward the possibility of a mandatory reporting law in the King’s Speech in July 2024, and the bill’s two core objectives – to expand the remit of current regulation and paint a more accurate picture of the threat landscape – were warmly welcomed by experts at the time.

In the update, published on Wednesday 30 October to little fanfare, Westminster said that it planned to introduce the bill in 2025, and that a public consultation is in the planning stages.

It said recent events – such as ransomware attacks on NHS suppliers and hostile state actors caught lurking in Ministry of Defence networks – showed the impacts of cyber incidents could be severe, and that the UK’s laws had not kept pace with the rate of technological change, hence action to strengthen the country’s defences and protect critical national infrastructure (CNI) and digital services was a priority.

Additionally, it said, existing regulations reflect law inherited from Brussels following Brexit, and as these are now being rapidly superseded in the European Union (EU), change is even more urgently needed to ensure the UK does not mark itself out as a soft target in Europe, and to help British businesses remain on par with their competitors and peers across the Channel.

Crucial updates

The bill will make “crucial updates” to this legacy framework by, firstly, expanding its remit to protect more sectors, filling gaps in defences and hopefully preventing more attacks – such as that on NHS lab services partner Synnovis that disrupted patient care across South London during the summer.

Secondly, the government hopes to put regulators – such as the Information Commissioner’s Office (ICO) – on a stronger footing to ensure proper security measures are being implemented, potentially including cost recovery mechanisms to better resource these bodies, and enhancing their powers to proactively investigate vulnerabilities on their own. It expects a total of 12 regulatory bodies will ultimately hold, and benefit from, these responsibilities.

Finally, it hopes mandated incident reporting will provide it with better data on security incidents and ransomware attacks, helping improve overall understanding of the threat landscape and even providing early warning of potential attacks.

At the current stage of planning, the regulations will cover the transport, energy, drinking water, health and digital infrastructure sectors, and digital services including online marketplaces, search engines, and cloud computing services.



Source link

#UKs #cyber #incident #reporting #law #move

📬Pelican News

Source Link

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

Cookie Consent & Terms We use cookies to enhance your experience on our site. By continuing to browse our website, you agree to our use of cookies as outlined in our We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.. Please review our Terms of Use, Privacy Policy, and Guidelines for more information.