January 23, 2024

UK government publishes new cybersecurity guidelines for businesses

The draft cybersecurity guidelines for businesses recommend that firms place cyber threats on an equal risk footing to legal and financial perils.

By Greg Noone

The UK government has published new draft cybersecurity guidelines for businesses. According to the Department for Science, Innovation and Technology, the new ‘Code of Practice on cyber security governance’ provides guidance for senior leaders on how best to protect their organisations from cyberattacks and recommends they treat the risk of such breaches as equal to legal and financial pitfalls. It forms part of the government’s £2.6bn National Cyber Strategy, though no new funding for law enforcement agencies to prosecute cybercrime was announced today. 

“It’s crucial that bosses and directors take a firm grip of their organisation’s cyber security regimes – protecting their customers, workforce, business operations and our wider economy,” said the minister for AI and intellectual property, Viscount Camrose. “This new Code will help them take the lead in safely navigating potential cyber threats, ensuring businesses across the country can take full advantage of the emerging technologies which are revolutionising how we work.”

The UK government has published new draft cybersecurity guidelines for businesses, encouraging them to invest in cyber-awareness training for staff and write detailed plans on how to react to and recover from catastrophic data breaches. (Photo by Syda Productions / Shutterstock)

New UK cybersecurity guidelines for businesses encourage detailed post-breach planning

According to government statistics, almost a third of all UK businesses fell victim to cyberattacks or breaches in 2023. Written in collaboration with both private sector stakeholders and the National Cyber Security Centre (NCSC), the new cybersecurity guidelines for businesses encourage firms to reflect the seriousness with which they approach cybersecurity in their corporate hierarchy by creating roles with clear responsibilities for cyber-defence. Companies should also write detailed plans for responding to and recovering from breaches, engage in regular pen-testing, and institute regular cyber-awareness training for staff. 

DSIT also touted the success of the government’s “Cyber Essentials” certification scheme, wherein businesses demonstrate their commitment to cyber-defence by instituting appropriate security contingencies. According to the government, 38,113 certificates were awarded to UK businesses last year, including two in five of its largest firms. Furthermore, its recent Cyber Security Breaches Survey found that 66% of organisations that signed up for the “Cyber Essentials” scheme had an incident response plan in place, compared to just 18% of firms that did not participate in the project. 

The government added that it welcomes additional comments on its new cybersecurity guidelines for businesses, and that it has also published a new call for views on software resilience and security. The latter, it said, “proposes steps to empower those who develop, buy and sell software to better understand how they can reduce risk, prioritising the protection of businesses and other organisations that are reliant on software for their day-to-day operations.”

ESET global cybersecurity advisor Jake Moore welcomed the publication of the new code of practice, arguing that SMEs will probably benefit the most from the guidelines. However, “for larger organisations,” he told Tech Monitor, “this will potentially be teaching them to suck eggs.”

Funding for law enforcement agencies to prosecute cybercriminals should not be neglected either, added Moore. Such investment “should never slow down,” he said. “Since the introduction of the revitalised UK fraud squad in 2022, it is clear that this sort of financial intervention is key to the protection of UK businesses.”
