The UK government recently released the Cyber Governance Code of Practice. It is built around five key governance principles and outlines the most critical governance actions that Boards and Directors need to take ownership of as part of their broader responsibilities for business resilience and compliance.  

The Code of Practice is aimed at Boards and Directors of medium and large organisations across the UK; it also offers valuable benefits for SMEs and public sector bodies should they wish to adopt it.

It outlines five key principles of cyber governance for which Board members are responsible and held accountable:

1: Risk Management 

  • Integrate cyber security risk into enterprise risk frameworks.
  • Define and communicate risk appetite.
  • Align cyber security with business objectives.
  • Strengthen supply chain cyber resilience.
  • Conduct regular risk reviews.

2: Strategy 

  • Embed cyber strategy within the organisational strategy.
  • Allocate appropriate resources and capabilities.
  • Manage and review the strategy.
  • Ensure the strategy is relevant and reflects current threats and legal requirements.

3: People 

  • Promote a positive security culture. 
  • Define responsibilities and clear working policies.
  • Monitor training effectiveness. 
  • Communicate clearly throughout the organisation.

4: Incident planning, response and recovery

  • Have tested incident response plans.
  • Define clear roles and responsibilities for senior leaders.
  • Adopt a supportive oversight role during an incident.
  • Understand legal and regulatory requirements and communication methods.

5: Assurance and oversight 

  • Use reporting and metrics to track performance.
  • Keep informed and updated about applicable regulations. 
  • Collaborate across the whole business to embed cyber security governance. 


Why does this matter? 

With the increase in cyber attacks and breaches, this is a call to action for boards to take responsibility so that they:

  • Have oversight of the growing national and organisational risks. 
  • Can comply with increasing legal and regulatory expectations.
  • Can demonstrate governance to investors, insurers, and customers.

We have extensive experience implementing governance frameworks across a variety of businesses and sectors. If you would like to discuss how the Code of Practice can be integrated into existing security standards and frameworks such as ISO 27001, the NCSC Cyber Assessment Framework or IASME Cyber Assurance, to name a few, get in touch with our team today for a free consultation.

Read more about the Cyber Governance Code of Practice.