How effective is the NIS policy? Why is there no “strong commercial rationale for investment in cybersecurity?” What kind of policy proposals could fill gaps in British organisations’ risk management? The government would like answers to these questions and more, as it launches a cybersecurity call for evidence, intended to improve how HMG helps organisations protect themselves online.
Cybersecurity Call for Evidence
“We would like to understand how using market levers could incentivise better cyber security risk management, including what Government action would help key industry groups that manage market risk – such as investors, the insurance industry, consultancies, and audit firms – drive improvements across the economy,” the government said this week, launching the engagement.
The engagement (with a deadline for submissions of Friday 20 December 2019 via an online survey here) comes as the government plans ahead for its next five-year National Cyber Security Programme. The 2016-2021 programme has been criticised for being opaque, unfocussed and failing to meet its KPIs.
As the National Audit Office wrote earlier this year: “The programme was established with inadequate baselines for allocating resources, deciding on priorities or measuring progress effectively”. The Joint Committee on the National Security Strategy meanwhile blasted the government over the programme, saying it “is unwilling to publish any information about the [programme] other than its total budget of £1.9 billion.”
Credit: Elena Koycheva via Unsplash
Cybersecurity Call for Evidence
The Department for Digital, Culture, Media & Sport said it is particularly seeking answers questions in relation to four categories.
- Barriers to effective cyber risk management.
- Commercial barriers and incentives for investing in cyber security.
- Access to the right information for effective cyber risk management
- Areas of focus for future policy and regulatory interventions.
Matt Warman Minister for Digital and Broadband commented in a release that: “We are reviewing the current spectrum of Government interventions, to understand the impact of action taken to date, and where Government and industry need to go further.
“This Call for Evidence is a key first step in testing our understanding of the barriers that remain; and to seek input on where we should be focusing work to develop a new programme of activity.
Content from our partners
Do you have strong views on any of these areas? Computer Business Review would like to hear from you. Get in touch with our editor by email here.
