Zurich Resilience Solutions welcomes new Cyber Security and Resilience Bill
On July 17, His Majesty King Charles III delivered the King’s Speech, underscoring the urgency of improving the UK’s cyber defences through two significant legislative initiatives: the Cyber Security and Resilience Bill, and the Digital Information and Smart Data Bill. It comes at an important time as the UK faces escalating cyber threats affecting all types of organisations, from small businesses to critical national infrastructure.
The Cyber Security and Resilience Bill aims to significantly enhance the UK’s cyber resilience. It mandates increased incident reporting, allowing the Government to gather more comprehensive data on cyberattacks, including those involving ransomware. This will enable a better understanding of the cyber threats the UK faces and improve response strategies. The Bill underscores the necessity of extending protections to a broader range of digital services and supply chains, reflecting changes introduced by the EU’s NIS-2 Directive, although adapted to the UK’s context post-Brexit. The Bill’s introduction comes after the UK Government’s Cyber Breach Survey 2024, which found that 44% of businesses experienced cybersecurity breaches or attacks within the last year. CrowdStrike’s 2024 Global Threat Report also highlighted that last year there had been a 75% increase in cloud intrusions and 34 newly named adversaries.
The economic impact of these cyber incidents is substantial and growing, costing the UK economy an estimated £27 billion annually. This highlights the significant financial impact cybercrime has had on businesses and the broader economy, including direct losses from thefts, disruptions to operations, and long-term reputational damage. The evolving nature of cyber threats, which now include sophisticated malware and ransomware attacks, makes the need for robust cyber defence strategies more critical than ever.
We work with clients and one of the major themes we always emphasise is the importance of cyber resilience over merely focusing on cyber security. Cyber resilience involves being prepared for any kind of attack or even system downtimes, such as the July 2024 CrowdStrike IT incident. Although this incident was not a cyber-attack, organisations with mature cyber resilience are much better positioned to handle the situation. Prioritising cyber resilience and being prepared for the worst-case scenario, with the ability to minimise the impact of an attack, is crucial for maintaining business resilience.
The Digital Information and Smart Data Bill focuses on reforming data sharing and protection standards to support innovative uses of data that can boost the economy. It proposes adjustments to the regulatory powers of the Information Commissioner’s Office (ICO) and the strength of sanctions it can impose. The Bill aims to promote secure and innovative digital identity products and services, facilitating safe and efficient online identification processes for individuals and businesses.
The importance of cyber resilience
Together, these bills aim to protect not only the economic stability of the UK, but also the privacy and security of individuals. By strengthening data protection and cybersecurity measures, the UK can look to safeguard its infrastructure and businesses against the increasing risks of cyberattacks. The legislation also helps emphasise the need for resilience, ensuring that organisations are not only protected against potential attacks, but are also prepared to respond and recover swiftly should an incident occur.
This legislative approach is in response to the global increase in cyberattacks and the recognition that effective cybersecurity is no longer just about prevention, but also about the ability to manage and mitigate risks after an attack has occurred. The focus on resilience is a strategic shift towards establishing a more robust framework that supports both prevention and effective incident response.
The introduction of these Bills is a strategic move to place the UK at the forefront of cybersecurity and data protection globally. It reflects a broader commitment to adapting to the challenges of the digital age, ensuring the UK remains a secure place for digital innovation and business.
These laws are intended to act as a deterrent against cybercriminals and to establish a clearer legal framework for prosecuting such crimes. By implementing these measures, the UK Government is not only looking to reduce incidents and the impact of cyberattacks, but also to foster a safer digital environment for all. This proactive approach is crucial at a time when cyber threats are becoming more frequent and complex, requiring comprehensive and forward-thinking strategies to counteract them.
The Cyber Security and Resilience Bill and the Digital Information and Smart Data Bill represent crucial steps forward in the UK’s cybersecurity strategy. As cyber threats continue to evolve, these legislative measures are essential for ensuring that the UK can continue to thrive in an increasingly interconnected and digital world.
We can help
Zurich Resilience Solutions have experts in Cyber Risk and Resilience who can assist you with bespoke services. For more information, please contact us.
First published by Emerging Risks