THE UK CYBER SECURITY AND RESILIENCE BILL

Supporting organisations to prepare for UK cyber security changes

WHAT IS THE CYBER SECURITY AND RESILIENCE BILL?


The Cyber Security and Resilience Bill is a proposed UK law that aims to improve the country's cybersecurity and resilience in light of increased cyber threats.

If the bill is passed, the subsequent Cyber Security and Resilience Act is expected to expand the scope of existing regulations, increase reporting requirements, give more power to regulators and improve supply chain security.

It is anticipated that the Cyber Security and Resilience Bill, which was announced in the King’s Speech in July 2024, will build on the existing UK Network and Information Security (NIS) Regulations 2018, taking a similar approach to the EU’s updated NIS2 Directive.

Although it will take some time for the Bill to be passed into law, there are a number of things organisations can do to prepare for future changes. 
 

WHY IS THE CYBER SECURITY AND RESILIENCE BILL IMPORTANT?

The Government says that the Bill will "strengthen our defences and ensure that more essential digital services than ever before are protected." The EU has made progress in updating its cybersecurity legislation, and the Bill is expected to bring the UK in line.

The aim is to strengthen the security of the UK’s critical infrastructure and digital services, against a backdrop of increased global cyber attacks.

WHAT IS INCLUDED IN THE CYBER SECURITY AND RESILIENCE BILL?

The full detail of the Bill is not yet released, but guidance notes suggest it will include:

  • Expanding the scope of regulations. “Essential services” and “digital service providers” are listed in the current NIS Regulations. The Cyber Security and Resilience Bill proposes to also “fill an immediate gap in our defences” and cover “more digital services and supply chains”.
  • Increased incident reporting. The proposed law aims to mandate UK companies to report incidents so that the Government can better understand cyber attacks in the UK, particularly ransomware attacks.
  • Greater power for regulators. The briefing notes for the Bill stipulate that this would include potential cost recovery mechanisms to provide resources to regulators and powers to proactively investigate vulnerabilities.  
  • Improved supply chain security. The Bill also emphasises the importance of securing the entire supply chain, requiring businesses to vet their suppliers' cybersecurity measures. 

HOW CAN BUREAU VERITAS HELP?

Our experts at Secura, a Bureau Veritas company, offer a range of services to support cyber security and resilience. We are already working with organisations to support compliance with NIS2, as well as other applicable cyber security legislation such as DORA and the EU’s Cyber Resilience Act. 

It is expected that compliance with NIS2 will satisfy the requirements of the Cyber Security and Resilience Act once it comes into force in the UK.

Our services include: 

  • Cyber incident response and reporting

    Critical response to cyber security threats, with best practice support and response from our qualified professionals. 

  • Supply chain risk management

    Services to assess and reduce cyber security risks within your supply chain, including contract and vendor management.

  • Penetration testing

    Illustrating what the consequences of a cyber attack could be, and what that would mean to your organisation. Penetration testing allows us to assess your IT security and improve awareness of potential dangers.

  • TIBER Red Teaming

     TIBER (Threat Intelligence Based Ethical Red Teaming) is a framework for security testing based on specific threats to the finance industry. Our experience in Red Teaming, combined with our TIBER-specific experience, gives our clients confidence in our detailed TIBER assessments.

  • Crisis and resilience services

    Crisis management, operational resilience, business continuity management and cyber crisis exercises, using the latest threat actor tactics to help boost resilience and crisis management capabilities for clients.

  • Comprehensive cyber security audits

    Demonstrate to stakeholders that you comply with guidelines, best practices or legal requirements. Suppliers and providers of critical services will need to quickly and efficiently prove their security posture. We can provide an impartial opinion with our audit and assurance services.

    Our cyber security audits offer official assurance services in accordance with the International Standard on Assurance Engagements (3000, 3402).

  • Regulatory compliance consulting

    Working with clients to help achieve and maintain compliance in line with regulatory requirements including the BIO protocol.
     

  • Cyber security training and awareness programmes

    Comprehensive training programmes with flexible e-learning, giving your teams the insights and information they need to implement an effective cyber security culture. 
     

  • Cyber insurance advisory

    Advisory solutions to assess your cyber insurance provision and ensure adequate cover.
     

  • Continuous monitoring and compliance support

    Ongoing consultancy to maintain cyber security standards in line with best practice and the latest certification standards.

  • Vulnerability assessments

    Discover weak spots in the security of your website, (mobile) application, or infrastructure with our vulnerability assessment and penetration testing (VA/PT) from experienced professionals.

  • Customised cyber security services

    Working with clients to deliver tailored solutions that meet your individual cyber security needs, such as running supplier review programmes.
     

WHAT ARE THE BENEFITS OF CYBER SECURITY SERVICES?

  • Comprehensive protection: Safeguard critical data and systems with state-of-the-art security measures tailored to your specific needs.
  • Regulatory compliance: Ensure adherence to the latest cybersecurity regulations and standards, reducing legal risks and penalties – including upcoming legislation such as the Cyber Security and Resilience Act.
  • Cost efficiency: Minimise financial losses from data breaches and cyber attacks with proactive threat detection and quick response strategies.
  • Expert guidance: Gain access to cybersecurity experts who provide ongoing support and advice to strengthen your security.
  • Enhanced reputation: Build trust with clients and stakeholders through demonstrated commitment to robust cybersecurity practices.
  • Scalable solutions: Adapt and scale cybersecurity measures as your organisation grows and evolves, ensuring long-term protection.

WHY CHOOSE BUREAU VERITAS FOR CYBER SECURITY SERVICES?

  • A qualified team of experts, backed by our global network, which is free from technology vendor bias and partner constraints
  • Comprehensive range of services developed to meet the expected requirements of the Cyber Security and Resilience Act, as well as other applicable legislation  
  • A single point of contact and proven partnership approach, consistently delivering over 65 NPS due to the quality of our work and the extended peer review process.
  • An independent cyber security consultancy, supported by the global expertise of Bureau Veritas, a world leader in testing, inspection and certification services
