The UK government has proposed a Cyber Governance Code of Practice (鈥渢he Code鈥). The intention is for the Code to be launched as a voluntary tool, without its own statutory footing and is designed to introduce stronger frameworks of accountability and good governance. The government is exploring how it could be used to assist with regulatory compliance, including with the General Data Protection Regulation (GDPR) and the Network and Information Systems (NIS) regulations.
The Code has been co-designed with industry leaders and technical experts at the National Cyber Security Centre.
The found that while cyber security is seen as a high priority by senior management at 71% of businesses and 62% of charities, this has not translated into action or greater ownership of cyber risk at the most senior level. An aim of the Code is to make it easier for senior managers to understand what actions to take.
Views are currently being .
The government is also seeking to explore either a self or independently assessed assurance process against the Code. The aim is that this can be used to derive confidence in an organisation鈥檚 governance of cyber risks. Views are being sought on the potential demand for an assurance mechanism to support the implementation of the Code and insurance firms have been specifically referred to as stakeholders who could derive use from such a process.
Contents
- The Word, March 2024
- Explaining artificial intelligence use to insurance customers
- Lloyd’s Market Association Update
- GAP insurers ordered to pause sales
- Consumer Duty: Financial Conduct Authority (“FCA”) highlights areas of improvement
- Insurance and Taylor Swift’s Eras tour
- Financial Conduct Authority enforcement to go public – a step too far?
- How is the National Health Service (NHS) waiting list impacting insurance?