The United Kingdom’s Department of Science, Innovation & Technology (DSIT) released the Cyber Governance Code of Practice (the “Code”) with a goal to formalize business sector cyber governance across the UK. The Code aims to provide actionable guidance to build cyber resilience in a time with ever-increasing threats and a perceived lack of engagement in cyber governance by business leaders. DSIT is seeking feedback from the public on the design of the Code, how to increase its use and compliance by businesses, and the merits of an assurance process for the Code.
The Code
The Code is broken into five key principles with individual action items: risk management, cyber strategy, people, incident planning and response, and assurance and oversight.
Risk Management
Organizations should ensure they conduct regular risk assessments, incorporate cyber security risks as a part of broader enterprise risk assessments, and identify and prioritize the most important digital assets. Additionally, organizations should assess suppliers’ cyber security and establish a baseline cyber risk tolerance for the organization.
Cyber Strategy
Organizations should monitor and review their resilience strategy and invest appropriate resources into their cyber strategy.
People
Organizations should ensure they have clear security policies and effective security training. Organizations should also take responsibility for the security of their assets and communicate the importance of resilience.
Incident Planning and Response
Organizations should ensure they have an incident response plan, test the plan annually, implement a post incident review process, and assign individual incident response roles.
Assurance and Oversight
Organizations should establish a governance structure, regular monitoring process, two-way dialogue with leadership, a formal reporting process, and determine internal assurance mechanisms.
Interested businesses should complete the targeted survey about the Code and provide feedback to the Department by Tuesday, March 19, 2024. Interested parties can fill out the survey online or submit responses via email to cybergovernance@dsit.gov.uk. If you have any questions about the Code or are interested in ZwillGen’s counsel on filing comments, you can reach out your ZwillGen contact.