THE UK CYBER SECURITY AND RESILIENCE BILL
Supporting organisations to prepare for UK cyber security changes
WHAT IS THE CYBER SECURITY AND RESILIENCE BILL?
The Cyber Security and Resilience Bill is a proposed UK law that aims to improve the country's cybersecurity and resilience in light of increased cyber threats.
If the bill is passed, the subsequent Cyber Security and Resilience Act is expected to expand the scope of existing regulations, increase reporting requirements, give more power to regulators and improve supply chain security.
It is anticipated that the Cyber Security and Resilience Bill, which was announced in the King’s Speech in July 2024, will build on the existing UK Network and Information Security (NIS) Regulations 2018, taking a similar approach to the EU’s updated NIS2 Directive.
Although it will take some time for the Bill to be passed into law, there are a number of things organisations can do to prepare for future changes.
WHY IS THE CYBER SECURITY AND RESILIENCE BILL IMPORTANT?
The Government says that the Bill will "strengthen our defences and ensure that more essential digital services than ever before are protected." The EU has made progress in updating its cybersecurity legislation, and the Bill is expected to bring the UK in line.
The aim is to strengthen the security of the UK’s critical infrastructure and digital services, against a backdrop of increased global cyber attacks.
WHAT IS INCLUDED IN THE CYBER SECURITY AND RESILIENCE BILL?
The full detail of the Bill is not yet released, but guidance notes suggest it will include:
- Expanding the scope of regulations. “Essential services” and “digital service providers” are listed in the current NIS Regulations. The Cyber Security and Resilience Bill proposes to also “fill an immediate gap in our defences” and cover “more digital services and supply chains”.
- Increased incident reporting. The proposed law aims to mandate UK companies to report incidents so that the Government can better understand cyber attacks in the UK, particularly ransomware attacks.
- Greater power for regulators. The briefing notes for the Bill stipulate that this would include potential cost recovery mechanisms to provide resources to regulators and powers to proactively investigate vulnerabilities.
- Improved supply chain security. The Bill also emphasises the importance of securing the entire supply chain, requiring businesses to vet their suppliers' cybersecurity measures.
HOW CAN BUREAU VERITAS HELP?
Our experts at Secura, a Bureau Veritas company, offer a range of services to support cyber security and resilience. We are already working with organisations to support compliance with NIS2, as well as other applicable cyber security legislation such as DORA and the EU’s Cyber Resilience Act.
It is expected that compliance with NIS2 will satisfy the requirements of the Cyber Security and Resilience Act once it comes into force in the UK.
Our services include:
- Cyber incident response and reporting. Critical response to cyber security threats, with best practice support and response from our qualified professionals.
- Supply chain risk management. Services to assess and reduce cyber security risks within your supply chain, including contract and vendor management.
- Penetration testing. Illustrating what the consequences of a cyber attack could be, and what that would mean to your organisation. Penetration testing allows us to assess your IT security and improve awareness of potential dangers.
- TIBER Red Teaming. TIBER (Threat Intelligence Based Ethical Red Teaming) is a framework for security testing based on specific threats to the finance industry. Our experience in Red Teaming, combined with our TIBER-specific experience, gives our clients confidence in our detailed TIBER assessments.
- Crisis and resilience services. Crisis management, operational resilience, business continuity management and cyber crisis exercises, using the latest threat actor tactics to help boost resilience and crisis management capabilities for clients.
- Comprehensive cyber security audits. Demonstrate to stakeholders that you comply with guidelines, best practices or legal requirements. Suppliers and providers of critical services will need to quickly and efficiently prove their security posture. We can provide an impartial opinion with our audit and assurance services. Our cyber security audits offer official assurance services in accordance with the International Standard on Assurance Engagements (3000, 3402).
- Regulatory compliance consulting. Working with clients to help achieve and maintain compliance in line with regulatory requirements including the BIO protocol.
- Cyber security training and awareness programmes. Comprehensive training programmes with flexible e-learning, giving your teams the insights and information they need to implement an effective cyber security culture.
- Cyber insurance advisory. Advisory solutions to assess your cyber insurance provision and ensure adequate cover.
- Continuous monitoring and compliance support. Ongoing consultancy to maintain cyber security standards in line with best practice and the latest certification standards.
- Vulnerability assessments. Discover weak spots in the security of your website, (mobile) application, or infrastructure with our vulnerability assessment and penetration testing (VA/PT) from experienced professionals.
- Customised cyber security services. Working with clients to deliver tailored solutions that meet your individual cyber security needs, such as running supplier review programs.
WHAT ARE THE BENEFITS OF CYBER SECURITY SERVICES?
- Comprehensive protection: Safeguard critical data and systems with state-of-the-art security measures tailored to your specific needs.
- Regulatory compliance: Ensure adherence to the latest cybersecurity regulations and standards, reducing legal risks and penalties – including upcoming legislation such as the Cyber Security and Resilience Act.
- Cost efficiency: Minimise financial losses from data breaches and cyber attacks with proactive threat detection and quick response strategies.
- Expert guidance: Gain access to cybersecurity experts who provide ongoing support and advice to strengthen your security.
- Enhanced reputation: Build trust with clients and stakeholders through demonstrated commitment to robust cybersecurity practices.
- Scalable solutions: Adapt and scale cybersecurity measures as your organisation grows and evolves, ensuring long-term protection.
WHY CHOOSE BUREAU VERITAS FOR CYBER SECURITY SERVICES?
- A qualified team of experts, backed by our global network, which is free from technology vendor bias and partner constraints
- Comprehensive range of services developed to meet the expected requirements of the Cyber Security and Resilience Act, as well as other applicable legislation
- A single point of contact and proven partnership approach, consistently delivering over 65 NPS due to the quality of our work and the extended peer review process.
- An independent cyber security consultancy, supported by the global expertise of Bureau Veritas, a world leader in testing, inspection and certification services