Training and Toolkit included in guidance.
New guidance has been published to help directors and company boards shore up their cyber defences.
Intended to provide the direction leaders need to take control of their cyber risk, the Cyber Governance Code of Practice is underpinned by Cyber Governance Training, which helps boards and directors to strengthen their understanding of how to govern cyber security risks.
In addition, the Cyber Security Toolkit for Boards supports boards and directors in implementing the actions set out in the Code.
Action Points
The action points include having a cyber strategy in place to ensure cyber risk management effectively supports business resilience and growth, and promoting a cyber secure culture so employees at all levels know what to look out for. Putting incident response plans in place is also encouraged, allowing organisations to respond quickly to incidents when they occur.
Cyber Security Minister Feryal Clark said that the Cyber Governance Code of Practice is intended to set out in clear terms the steps organisations should take to safeguard their day-to-day operations, while also securing the livelihoods of their workers and protecting their customers.
Andrew Rose, CSO, SoSafe, said: "Sitting alongside the Cyber Essentials certification, the new Cyber Governance Code of Practice has an important role to play. It's great to see that the 22 areas of focus include the promotion of a cyber culture to protect our organisations, highlighting the important role our people play in developing a robust security structure.
"Humans are both our primary attack surface and our first line of defence, and they are often more susceptible to cyber-attacks than our technological defences.
"Although these are just guidelines and are not legally binding, organisations should take them seriously. They define a catalogue of best practices to minimise cyber risk and can ensure our organisations are protected. Weaving these requirements into legislation and regulation would be a welcome next step."
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.