The Department for Culture, Media and Sport (DCMS) has just published its Cyber Security Regulation and Incentives Review, which considers whether there is a need for additional regulation or incentives to boost cyber risk management in the UK economy.
The Review brings to fruition an in-depth consultation with a wide range of businesses, industry partners and stakeholders, and evidence from a wide range of sources, and forms part of the Government’s £1.9 billion strategy to protect the UK in cyber space.
The Review concludes that there is no need, at this time, for additional regulation but that significant progress can be made through the approach the UK takes to implementing the forthcoming General Data Protection Regulation.
The Review’s key conclusions and recommendations include:
- Regulation to secure personal data is justified: the public interest in protecting citizens from crime and other harm is clear.
Government is therefore seeking to improve cyber risk management in the wider UK economy through adoption of the GDPR. The GDPR will provide significant enhancements to the existing data protection regime, not least the rigorous breach reporting requirements and substantially increased fines, and it is felt this will focus industry’s mind considerably.
- As I wrote in this blog last month, the Government and the Information Commissioner’s Office (ICO) are making the clear connection between data protection and cyber security. This will involve measures including closer working between the ICO and the new National Cyber Security Centre (NCSC).
- The Government also plans to work more closely with the investment community to produce cyber security guidance; and with regulators via a new Regulators’ Forum, which will share good practice and threat information.
Please refer to Practical Law’s Cybersecurity toolkit for more information and resources on this topic.