Sunday, October 20, 2024

Proposed UK Cyber Bill hints at compulsory ransomware reporting

The Labour government under Keir Starmer is set to introduce a Cyber Security and Resilience Bill in the upcoming parliamentary session. The Bill aims to bolster the UK’s cyber defences and ensure the protection of digital services, with mandatory ransomware reporting as a crucial aspect of the law.

Highlighted in the King’s Speech at the State Opening of Parliament, the Bill acknowledges that the UK is facing increasing cyber threats from financially motivated cyber criminals and state actors targeting organizations of all sizes. The current cyber laws, inherited from the EU, need urgent updating to keep up with the evolving cyber landscape.

The Bill has two main objectives – expanding existing regulations to protect digital services and supply chains, and improving reporting requirements to enhance understanding of cyber threats. Regulatory bodies may receive enhanced powers under the proposed legislation, including the ability to recover costs and proactively investigate IT vulnerabilities. Additionally, mandatory incident reporting aims to provide better data on cyber attacks to improve national awareness of threats.

The government’s commitment to enhancing cyber resilience has been well-received by industry experts, who emphasize the importance of additional funding for public bodies to make regulatory measures effective. While the government’s efforts are seen as a step in the right direction, there is a call for a vision that integrates prevention and response to cyber threats, including ransomware and state-affiliated attacks.

There are also calls for more emphasis on combating cyber crime, particularly in safeguarding critical sectors like healthcare. Stakeholders emphasize the need for investment in cyber innovations to protect organizations like the NHS from debilitating ransomware attacks. Additionally, there is ongoing pressure for urgent reform of the outdated Computer Misuse Act of 1990 to enable cyber professionals to better defend the UK’s digital infrastructure and economy.