The British government is to enhance the nation’s cyber-resilience with a new bill which will hand more power to regulators around cybersecurity incidents and mandate reporting for ransomware attacks.
The Cyber Security and Resilience Bill was announced in the King’s Speech in response to attacks on the United Kingdom’s digital economy by both cybercriminals and state actors, which have impacted public services and infrastructure.
A UK Government survey revealed 50% of all businesses and 84% of large businesses reported cybersecurity breaches or attacks last year. This is a 39% increase from the 2022 survey and highlights the need for companies to have cyber insurance policies in place to cover financial losses as a result of ransomware attacks, data breaches and other cyber incidents.
The devastating Russian cyber-attack on Synnovis, a private company that provides pathology services, such as blood tests, to the NHS, has resulted in some patients being warned they may have to wait up to six months for blood tests.
Jon Ellison, National Cyber Security Centre (NCSC) Director of National Resilience, said: “The scale, pace and complexity of the threat to the critical national infrastructure (CNI) underpinning these vital services is rising.
“Alongside the threat from ransomware actors we now also see a rise in state and state-aligned groups interested in targeting our CNI. The announcement of the Cyber Security and Resilience Bill is a landmark moment in tackling this growing threat.”
The bill will also cover supply chains and address the growing number of attacks in which malicious actors enter networks via third-party suppliers. The government will mandate further incident reporting, including for ransomware.
The Cyber Security and Resilience Bill aims to “strengthen our defences and ensure that more essential digital services than ever before are protected,” the government said in background notes.
The new bill will focus on critical infrastructure providers, extending the scope of the current Network and Information Systems Regulations 2018 regime. It will introduce mandatory ransomware reporting to help the authorities better understand the scale of the threat.
A separate Digital Information and Smart Data Bill will incorporate many of the legislative measures featured in the Data Protection and Digital Information Bill, a proposed update to the UK GDPR which failed to pass in time in the last parliament.
Cyber policies offered by W Denis provide more than just insurance: they include additional services that help to mitigate the impact of a data breach, hack or similar incident, including PR services to manage the crisis, forensics to investigate the root cause and expertise to eradicate the issue. Locked systems and ransomware can be catastrophic to a business. Prudent risk managers who buy comprehensive cyber insurance gain access to a wide range of support services to help the business in the event of a claim, in addition to ransomware payment negotiations.
To discuss this further with a broker at W Denis, please make arrangements with Daniel Moss at [email protected] or on 0044 (0)113 2439812 or contact Mark Dutton at [email protected] or on 0044 (0) 7831 366 469.
Specialist contact
Mark Dutton
Executive Director / Group Head of Broking & Business Development
T. +44 (0) 7831 366 469