Explore the UK Government’s latest draft Code of Practice on cybersecurity governance together with emagine’s expert, Trine Øksnebjerg.
Trine Øksnebjerg, Consultant Director DK, emagine
In an era where the digital landscape evolves daily, robust cybersecurity governance has never been more crucial for businesses. The UK Government has just unveiled its survey on the draft Code of Practice on cybersecurity governance.
Read the Code of Practice here.
By offering simple and action-oriented initiatives in key areas, the Code aims to support directors and boards to understand and act more effectively when dealing with cyber risks.
The proposed Code positions cybersecurity as a priority for businesses, acknowledging the critical impact that cyber-attacks can have.
Recent high-profile incidents have shown the vulnerability of software and digital supply chains, prompting the Government to propose safety measures to ensure security is a priority.
The Code takes a view also shared by the European Commission, whose recent cyber legislation (the CRA, NIS2 and DORA) heightens the focus on a top-down approach, with greater involvement of the management body in understanding the organization’s risk picture and the appropriate mitigating actions.
The Code emphasizes the need for a top-down approach to managing cybersecurity, and that cyber resilience should be an embedded part of company strategy. Given the material impact on both business continuity and competitiveness, the Code stresses that cyber risks should be managed with the same level of importance as financial and legal risks.
The guidance is certainly a step in the right direction, and it will likely help businesses in their effort to better understand their risks and how they can improve their cybersecurity posture.
Government intervention often raises the perceived seriousness of the problem, so businesses that haven’t yet grasped the potential risks involved with cybercrime may be more inclined to implement cyber protection strategies. And change is needed.
The Cyber Security Breaches Survey 2023 found that while cybersecurity was seen as a high priority by 71% of senior management, this has not translated into action or greater ownership of cyber risk at the most senior level. Only 47% of SMEs and 64% of large organizations have a formal incident response plan in place.
Read the Cyber Security Breaches Survey 2023 here.
Considering the critical importance of this kind of issue, the Code of Practice highlights how important it is for senior members of the team to take ownership and lead the organization to robust cyber governance.
The guidance will encourage businesses to start assessing their cybersecurity across the organization, its strategies, and its processes – not just in IT. The extended use of digital technologies means that business resilience and the management of cyber risks cut across almost all areas of an organization. Considering this, ensuring a sufficient level of knowledge about cyber risks in all parts of the business will be key.
The Code also takes this view, with measures to enhance employee skills and awareness as an important element. It encourages organizations to prioritize investment in upskilling their workforce, as an educated workforce is a formidable defence against cyber criminals. It is crucial that employees can recognise the warning signs, as human error accounts for 80% of cyber incidents.
Human Error Drives Most Cyber Incidents. Could AI Help? (Harvard Business Review)
The general upskilling of employees should be supported by skilled cybersecurity experts, but this may be a difficult challenge to solve due to the current war for talent, especially within cybersecurity. Unfortunately, this problem is likely to persist – Gartner predicts that by 2025, over half of cyber incidents will stem from a lack of talent or human error.
Read the article from Gartner here.
This does not only affect the UK: organizations worldwide are facing a shortage of qualified professionals equipped to tackle the complex and dynamic landscape of cyber threats. To make an impact, businesses need to stay one step ahead of cybercrime, and how to do so is something each business must explore independently.
To reduce the likelihood of these risks materialising, businesses should:
Although the Code of Practice will be an invaluable framework for organisations, it must be understood that it is merely a tool. The efficacy of the Code lies in its adoption and implementation across sectors. As senior leaders, it is our responsibility to commit to adopting the recommendations. Effective cybersecurity requires commitment from top to bottom.
The Code of Practice has requested feedback from businesses experiencing cyber issues firsthand. Views could be submitted up until 19th March 2024, and this presented an opportunity for senior leaders to actively shape cybersecurity advice and tackle risks together.
Get in touch with our team today and get help with your cybersecurity defense strategy.