The Cyber Resilience Bill arrived last month in the wake of a slew of attacks on major UK companies. There’s a long way to go until this Bill becomes law, but in its current form, it’s promising.
From my experience, this level of change is gradual and takes time to be adopted. The last major raft of cyber legislation, 2018’s NIS regulations, was a vital step forward and provided a good set of national guidelines for organisations. They were not, however, a concrete reporting framework that encouraged collaboration and alignment between private sector companies. Their focus was too narrow for that, concentrating mainly on protecting critical national infrastructure and essential services.
Seven years on, the Cyber Resilience Bill promises to fill in these gaps. For a start, it builds in provisions that will make it easier for lawmakers to amend the NIS regulations, allowing the UK’s cybersecurity legislation to remain up to date in a way that it simply hasn’t before. Measures such as 24-hour incident reporting and tighter supply-chain controls recognise the severity of the threat now facing UK organisations. Cyberattacks are unfolding too quickly and too widely for delayed or fragmented responses. I hope this legislation will prompt closer coordination across the private sector and help create a culture where resilience is planned, tested and continuously improved.
Crucially, the Bill also brings managed service providers (MSPs) into the scope of regulations, where previously they were excluded. For organisations that rely on MSPs, the Bill raises expectations around trust and transparency. It reinforces the need to have real plans in place and to treat resilience as something you build, not buy.
The timing of this is critical. Just three breaches this year – at Jaguar Land Rover, M&S, and Harrods – have cost the UK economy over £2bn and counting. The Bill sends a clear message that cybersecurity is now a board-level issue. If you rely on digital infrastructure, you’ve got to take responsibility for keeping it safe.














