UK Government Introduces Cyber Security and Resilience Bill

17 Jul 2024 Westminster

The government has unveiled the Cyber Resilience Bill, designed to enhance regulatory oversight of cybersecurity incidents and mandate the reporting of ransomware attacks.

Announced in today’s King’s Speech alongside 40 other bills, the government emphasised that this legislation is a response to the growing cyber threats posed by both cybercriminals and state actors targeting the UK’s digital economy, public services, and infrastructure.

The Cyber Resilience Bill will expand regulators’ authority to include supply chains, addressing the increasing prevalence of supply-side attacks where malicious actors infiltrate networks via third-party suppliers. The bill also aims to strengthen the regulatory framework to ensure the effective implementation of cybersecurity measures.

Additionally, the government will require more comprehensive incident reporting, specifically for ransomware attacks.

In principle, the new Cyber Resilience Bill aligns with the EU’s NIS2 Directive, a forthcoming cybersecurity regulation set to take effect in October 2024, though it will not apply to the UK. NIS2 will encompass a broader range of critical and important service suppliers and their supply chains compared to the 2016 NIS1 directive.

This legislative effort marks a significant step in strengthening the UK’s defences against escalating cyber threats, ensuring a more resilient digital infrastructure.