Centralised incident reporting set to be mandated in incoming Cybersecurity and Resilience Bill

A total of 74% of large businesses have experienced a cyberthreat in the last 12 months, and the government has taken a major step towards strengthening the UK’s cyber-resilience through mandatory cyberincident reporting becoming law in 2025.

The findings were revealed through the Cybersecurity Breach Survey 2024, a quantitative research survey carried out by the government.

The mandatory reporting will cover ransomware attacks, and the move aims to fortify key sectors such as energy, transport, health and digital infrastructure.

The new Cybersecurity and Resilience Bill will aim to close regulatory gaps, updating outdated cybersecurity laws inherited from the European Union and reinforcing the UK’s defences against cyberthreats. This will help British businesses remain competitive with their counterparts across Europe.

Andy Ward, SVP International for Absolute Security, said: “The UK can’t afford to stand still when it comes to cyberpolicies, especially given the wave of high-profile attacks that have threatened CNI and businesses this year. Centralised incident reporting in the Cybersecurity and Resilience Bill is an important measure to promote accountability when defending against cyberattacks and help to better understand the dangers and impact of threats such as ransomware.

“In order to bolster nationwide cyber-resilience, businesses must play an active role in enhancing their security systems and reporting threats when they occur. Security teams need visibility over their networks and device fleets for real-time monitoring, being alerted to suspicious behaviour as soon as it happens, as well as having the ability to free, or shut off, potentially compromised devices or applications when a major breach happens.”

Regulators like the Information Commissioner’s Office (ICO) will be in a better position to ensure proper security measures are being implemented, including cost recovery mechanisms to better resource these bodies, with a total of 12 regulatory bodies expected to benefit from these responsibilities.

The government will also open a public consultation in the coming months to gather input on these new regulations.

David Manfield, Associate Director for Cybersecurity for Investigo, highlighted the recruitment challenges facing businesses: “Businesses are feeling the squeeze when it comes to recruiting cyberstaff, reflecting talent pipeline struggles caused by tightening budgets over the past year. Boardrooms know the problem, with 30% saying that recruiting cyber staff is their main hiring concern, but the increase in the volume and complexity of cyberthreats has exacerbated the issue.

“While businesses should aim to have cyberexperts in place at all times, there are cost-effective options to bolster cyberdefences. Recruiting interim cyberstaff, for example, to evaluate and set organisation-wide cyber policies, especially during peak threat periods throughout the year, offers a more budget-friendly way to remain resilient against cyberattacks while looking to hire permanent staff.”
