In the coming months, Parliament will introduce a new Cyber Security and Resilience Bill, and Digital Information and Smart Data Bill, as confirmed in the King's Speech on Wednesday, July 17, 2024.


Once the bills have been debated and then approved by Parliament, they will receive Royal Assent and become legal requirements, known as acts. The announcements mark the first King’s Speech of King Charles III and the Labour Government under Prime Minister Keir Starmer, setting an ambitious legislative agenda focused on economic growth.

 

Legislative focus on cyber security

The King’s Speech was set to outline Labour’s comprehensive plans for AI and cyber security. While no new AI bill was introduced, the government emphasised its intent to legislate for advanced AI model development in the future. Among the 40 bills in the new legislative agenda, the Cyber Security and Resilience Bill and the Digital Information and Smart Data Bill specifically target the responsible use of data and technology.

 

Cyber Security and Resilience Bill

With 50% of businesses reporting cyber security breaches or attacks in the past year, the Cyber Security and Resilience Bill aims to address these escalating threats. This legislation seeks to strengthen cyber security across more firms by expanding existing regulations, enhancing regulatory authority, and increasing reporting requirements for a clearer understanding of cyber threats in the UK.

Lee Johnson, CISO/CIO of Air IT and MD of Air Sec, the Cyber Security division of Air IT, stressed the importance of this legislation, noting that the sophistication and frequency of recent cyber threats are significantly impacting UK businesses.

This Bill highlights the urgency to fortify the UK’s cyber defences, securing critical infrastructure and digital services. For businesses, more stringent cyber security requirements will be mandated, making cyber security a key budget priority for businesses, both large and small. These announcements align completely with Air IT’s strategic vision for its clients, which sets business security and resilience as the number one priority for SMEs, as set out in our ‘Resilience 24’ blueprint which we have designed and developed to help businesses mitigate against the increasing threat landscape.

The Bill will update the UK’s Network and Information Security (NIS) Regulations 2018, derived from the EU’s NIS Directive, and will likely expand further on the EU’s updated ‘NIS2’ directive set for implementation by October 2024. New legislation is likely to mean businesses will have to invest in robust cyber security tools, such as Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), Backup and Disaster Recovery solutions, as well as modernising infrastructure and technology to enable the latest security enhancements.

 

Digital Information and Smart Data Bill

The Digital Information and Smart Data Bill aims to drive economic growth through innovative data use.

Key initiatives include:

  • Creating digital verification services
  • Supporting secure digital identity products
  • Developing a National Underground Asset Register for better infrastructure management
  • Implementing Smart Data Schemes for secure customer data sharing

This Bill will also modernise and strengthen the Information Commissioner’s Office (ICO) with new powers and a modern regulatory structure. Targeted reforms to data laws will support new technology development without compromising data protection standards.

 

Strengthening cyber defences

The Cyber Security and Resilience Bill comes in the wake of recent high-profile cyber-attacks, such as the ransomware incident affecting NHS supplier Synnovis. This legislation aims to align the UK’s regulations with the EU’s proposed Cyber Resilience Act, an act which covers a wide range of products, focuses on enhancing the security posture of the connected ecosystem and mandates incident reporting, including ransomware attacks, to improve data on cyber threats.

Lee Johnson concluded:

The previous UK government had started to explore reforming the NIS regime through a review and consultation. However, the Bill will likely extend the scope of NIS regulations to cover more digital services and supply chains, mandating additional layers of incident reporting obligations and stronger regulatory powers and penalties for non-compliant businesses.

IT budgeting for the future begins today

The Government recognises the evolving cyber threat landscape. This new legislation will aim to bolster the UK’s defences against these threats, ensuring robust protection for critical infrastructure, businesses, and digital services.

After today’s announcement, businesses should prepare to increase IT budgets and begin to take proactive steps by prioritising investment in advanced cyber security tools and infrastructure modernisation to comply with forthcoming regulations and safeguard their operations against evolving cyber threats.

 

Strengthen your cyber resilience in 2024

Discover strategies to help improve your IT and cyber security in our blog, ‘Strengthening Your IT Resilience in 2024 & Beyond’.

Alternatively, feel free to contact us for further assistance in enhancing your security posture through cyber resilience.   
