top of page

Government wants boards to raise their game on cyber security

screenshot of government website showing call for views on Cyber Governance Code of Practice

The UK Government has published a draft Cyber Governance Code of Practice, and is seeking views from board directors. It's a short, straightforward set of recommended actions, focusing on governance and oversight rather than technical controls.

Government had originally intended to force board level engagement with cyber resilience by introducing a new statutory “Resilience Statement” to large company annual reports, to include specific consideration of cyber security. However, the planned overhaul of the UK’s corporate reporting and audit regime this formed part of was withdrawn following consultation; a future Labour government may reintroduce it.

The new Code of Practice is planned for final publication towards the end of 2024, following the government consultation. It will be a voluntary tool, designed to provide helpful guidance rather than a compliance regime:

A cyber governance Code of Practice, as proposed here, would bring together the critical governance areas that directors need to take ownership of in one place, in a form that is simple to engage with, for organisations of all sizes.

But we would expect it to become increasingly important in defining 'what good looks like' for the boardroom, and probably linked to formal compliance requirements for regulated sectors. We'll discuss the Code of Practice further at our March 11th NED-only webinar. In the meantime, we hope that you'll take the time to read and respond to the consultation.


bottom of page