On 4 November 2019, the UK Government’s Department for Digital, Culture, Media & Sport (“DCMS“) issued the Cyber Security Incentives and Regulation Review 2020: Call for Evidence (the “Review“). The aims of the Review are to:
- understand the barriers which prevent organisations from improving their cyber security;
- understand the effectiveness of existing regulations and guidance including the General Data Protection Regulation (“GDPR“) and the Network and Information Systems Regulations (“NIS“); and
- develop a range of policy proposals to address any gaps.
In 2016, the Government launched the current National Cyber Security Strategy 2016-2021 and the 2016 DCMS Regulation and Incentives Review concluded that the GDPR and NIS had the potential to drive improved cyber security behaviours. Whilst there has been significant progress in tackling cyber threats and improving the resilience of the UK society and economy (both through GDPR and NIS, and by the establishment of the National Cyber Security Centre (“NCSC“)), the Government is now conducting a further survey to assess where there are still barriers that place unnecessary burdens on organisations trying to effectively managing cyber risk and to assist with forming the UK’s cyber strategy post 2021.
The Review seeks to gather evidence to underpin future policy development, including potential new cyber security interventions and regulations, if appropriate.
DCMS is particularly seeking answers in relation to four categories:
- barriers to effective cyber risk management;
- commercial barriers and incentives for investing in cyber security;
- access to the right information for effective cyber risk management; and
- areas of focus for future policy and regulatory interventions.
DCMS is also looking for evidence on how it can help industry better manage cyber risk, for example, by providing better information on how secure organisations are, or greater information sharing on the cost and likelihood of cyber attacks.
The publication of the Review clearly shows that cyber security is firmly on the Government’s agenda which is unsurprising given the ever increasing number of cyber attacks. The results of the Review will shape the cyber security laws and regulation of the future – watch this space.
The Review is open until Friday 20 December 2019 and you can respond here.