Cyber Security and Resilience Bill
Back in September, the UK Department of Science, Innovation and Technology announced that the Cyber Security and Resilience Bill would be introduced to Parliament in 2025.
The Bill was first announced in the King’s Speech on 17th July 2024. Its aim is to strengthen the UK’s cybersecurity and ensure that critical infrastructure and digital services are secure and resilient.
What?
Whilst it’s not entirely clear exactly what new services will be covered by the Bill, it is expected to:
- Expand the remit of regulation to protect more digital services and supply chains. The Bill aims to fill an immediate gap in defences and prevent a replay of attacks experienced by critical public services such as the ransomware attack impacting London hospitals.
- Put regulators on a strong footing to ensure essential cyber safety measures are being implemented. This could include potential cost recovery mechanisms and provide regulators with new powers to proactively investigate potential vulnerabilities.
- Mandate increased incident reporting to give government better data on cyber-attacks. This will improve the understanding of threats and alert government to potential attacks by expanding the type and nature of incidents that regulated entities must report.
Why?
In the last 18 months we’ve all watched in horror as the media reported cyber-attacks against critical infrastructure such as hospitals, universities, local authorities and government departments:
- In late November 2024, a cyber-attack affected clinical activity at multiple NHS sites across Merseyside.
- In June, NHS England confirmed that a Russian cyber-criminal group had stolen patient data managed by pathology testing organisation Synnovis, impacting several London hospitals.
- A ransomware attack on a Scottish NHS trust in March 2024 resulted in patient and staff-identifiable information being published online by the attackers.
- Also in March, Leicester City Council temporarily shut down its IT systems and phone lines due to a cyber incident. The attack had a significant impact on council services over several weeks. It later confirmed that confidential data had been published online by a “known ransomware group.”
- In August, a cyber-attack on a housing software provider resulted in the housing websites for three local councils – Manchester, Salford and Bolton – being suspended.
These are just some of the many attacks experienced against critical infrastructure and public services in recent months and years.
The Government itself points out that laws have not kept pace with technological change. The Bill will therefore strengthen the UK’s cyber defences and ensure that critical infrastructure and the digital services companies rely on are secure.
How could it impact your business?
Whilst limited details are available at the moment, organisations involved in critical infrastructure – such as data centres, managed service providers, and digital service providers (including online marketplaces, search engines and cloud services) – should follow developments with the Bill closely as it makes its passage through Parliament in 2025, particularly in relation to new cybersecurity obligations and reporting obligations.
By leveraging Leverets’ comprehensive legal services, your business can proactively address the challenges posed by the Cyber Security and Resilience Bill, ensuring compliance and enhancing your resilience against cyber threats.
For more information get in touch with a member of our team.