Cyber Monthly Wrap-up (UK, EMEA and the US) – November 2023

Welcome to HSF's November wrap up; our top picks for cyber-related news in the UK, EMEA and US. Our short summary and commentary is aimed at giving you the awareness and insights you need, with minimum time investment. Below you will find:
  • Developments in regulatory requirements and guidance;
  • Wider cyber industry news; and
  • Particularly noteworthy (reported) cyber incidents.
Read more

Cyber risk in Critical National Infrastructure features prominently in UK 2023 National Risk Register

In August 2023, the UK Government published its 2023 National Risk Register ("the Risk Register"), listing the 89 main publicly-acknowledged risks facing the UK. Cyber-attacks on gas infrastructure, electricity infrastructure, civil nuclear, fuel supply infrastructure, the health and social care system, the transport sector, telecommunications systems and one or more UK retail banks are cited as key risks in the report. Read more

Building Cyber Security Resilience: NIS 2 enters into force

The NIS 2 Directive (Directive 2022/2555) on measures for a high common level of cyber security across the EU has now entered into force. Member states must now incorporate the provisions into their national law by October 2024. NIS 2 will replace its predecessor – NIS (Directive 2016/1148), which was the first cross-sector cyber security law in the EU. NIS 2 has been necessary because the speed at which network and information systems have developed into a central feature of everyday life has led to greater interconnectedness, including in cross-border exchanges and, with this, has come an expansion of the cyber threat landscape. The number, magnitude, sophistication, frequency and impact of incidents are increasing, and can impede the pursuit of economic activities in the internal market, generating financial loss, undermining user confidence and causing major damage to the Union’s economy and society. Cyber security preparedness and effectiveness are therefore now more essential than ever to the proper functioning of the internal market; "adapted, coordinated and innovative responses" are required in all member states, says the EU. NIS was not implemented consistently across member states with, for example, some services being categorised as "essential" in some countries but not in others. Read more

Building resilience: a top priority for the UK

The UK Government published its Resilience Framework on 19 December 2022. This step recognises that crises are likely to be greater than we have been used to in both frequency and scale in the next decade, given what the government describes as "an increasingly volatile world, defined by geopolitical and geoeconomics shifts, rapid technological change and a changing climate." Read more

UK Government issues Call for Evidence to help improve cyber security across the UK economy

On 4 November 2019, the UK Government’s Department for Digital, Culture, Media & Sport (“DCMS“) issued the Cyber Security Incentives and Regulation Review 2020: Call for Evidence (the “Review“). The aims of the Review are to: understand the barriers which prevent organisations from improving their cyber security; understand the effectiveness of existing regulations and guidance … Read more