For the IT Security Guru, Chris Dimitriadis, Chief Global Strategy Officer at ISACA, explores the UK Government’s proposed Cyber Security Resilience Act.
As King Charles III read out the new Labour government’s plans at the State Opening of Parliament, our industry breathed a sigh of relief at the inclusion of the Cyber Security and Resilience Bill.
After an attack on London hospitals caused over 1,000 appointments and operations to be delayed, the proposed regulation is certainly welcome and couldn’t be timelier. According to recent research from the National Cyber Security Centre, the UK is one of the nations that has the biggest risk of suffering a cyberattack – leaving our critical sectors incredibly vulnerable.
The bottom line is that we need the new Labour government to prioritise cyber security alongside legislation and regulation that will help the UK to be more secure. So, what will its new bill mean for industry?
Organisations must share learnings
The proposed legislation will force companies to report hacks to authorities to help the government understand and prevent potential future ransomware attacks.
The sharing of knowledge is crucial. By sharing experiences and insights even across borders, organisations can gather information and learn from one another, thereby not repeating the same mistakes and reducing the opportunity for cyber criminals to succeed.
Universal standards across supply chains
In recent times, hackers have taken to attacking essential public sector services, including institutions such as the NHS and the Ministry of Defence, highlighting the need for stringent cyber security measures. The new bill will ensure that every company in the supply chain of these kinds of services, even if they’re privately owned, complies with a certain standard of protection.
It goes without saying that this is a great step in the right direction and will lower the vulnerability of some of these public and government bodies.
Keeping pace with emerging technologies
The King’s Speech also committed to establishing appropriate legislation to introduce guardrails for companies working to develop the most powerful AI models. Every AI tool is informed by data, and so it is imperative that there is protection in place. This way, the data that feeds into these tools can be regulated, and AI users can feel empowered to use it securely and safely.
The skills gap problem
But legislation and regulation won’t be the silver bullet solution on their own. Without a skilled workforce to support its safe and effective implementation, the impact of legislation will be minimal.
The government’s proposal to establish a new body, Skills England, aims to address the more general skills shortage crisis that the country is facing. It is set to work with industry unions and the Industrial Strategy Council to assess current and future skills demand.
It’s no secret that the cyber security industry has long suffered a skills gap. In fact, a report from the Department for Science, Innovation and Technology last year revealed that around 739,000 businesses (50%) in the UK have a basic cyber skills gap.
With hackers likely using the very technology we’re using to fight cybercrime to launch increasingly sophisticated attacks, workers need to be skilled enough to understand how it works and what to do in the event of a crisis.
How do we address the skills gap?
It’s vital that upskilling and training is encouraged and accessible for anyone looking to work in the sector. Nobody should feel that they are not able to go into tech, and people from all backgrounds should be encouraged to take the leap.
This will unlock a new pool of talent for organisations to hire and will diversify workplaces. Having a wide range of people and skills in the workplace fosters creativity and innovation, rather than hiring those that have the same background, qualifications and experiences.
Only when we have the right people in place will we be able to adequately detect cyber threats and attacks, protect organisations and their data and quickly recover and repair.
It’s reassuring to see that the new government clearly has cyber security and the future of AI firmly on its radar. Strengthening regulations and expanding their scope is non-negotiable and sets the scene for cyber security to be prioritised. However, upskilling and training staff in the sector is key to implementing change, and the Skills England Bill and reforms to the Apprenticeship Levy should offer new opportunities for organisations to build a safer and more secure environment for all.