Government sets scope to protect against supply chain attacks

The Government has set out the scope of its Cyber Security and Resilience Bill, introducing new cybersecurity measures for 1,000 service providers to bolster supply chain defences for critical national infrastructure.

If the proposals are adopted, they will require more organisations and suppliers to bolster their cybersecurity in areas such as risk assessment, data protection, and network security defences.

Regulators will also be given more tools to improve cyber security and resilience in the areas that they regulate. Part of this will require organisations to report a greater number of incidents to help build a stronger picture of cyber risks.

The move aims to better protect public services such as hospitals and energy suppliers as well as safeguard UK growth as part of the government’s Plan for Change.

There were 430 cyber incidents managed by the National Cyber Security Centre (NCSC) in the year to September 2024, with 89 classified as nationally significant. The latest government research also found that 50% of UK businesses were targeted by a cyber breach within the past 12 months.

Andy Ward, SVP International of Absolute Security, commented: “Supply chains are only as strong as their weakest link, so if suppliers don’t have robust cyber infrastructure in place, their entire network, including sensitive organisations across healthcare and policing, will be put at risk. Malicious actors only need one entry point – for example, an unpatched endpoint device – to breach an entire network, move laterally across systems, and wreak havoc.

“Securing supply chains requires more than just technology tools; it requires a comprehensive cyber resilience strategy, so it’s encouraging to see the focus from government in this area. As part of this, centralised security teams need visibility over their entire network of endpoints in order to identify suspicious activity and freeze, or shut off, potentially compromised devices before sensitive data is breached.”

As part of the Bill, the government is exploring new protections for over 200 data centres, building on the Critical National Infrastructure designation last year in an effort to safeguard innovation, particularly in artificial intelligence.

Mike Hellers, Product Development Manager at the London Internet Exchange (LINX), said: “The Cyber Security and Resilience Bill should be built on solid redundancy strategies for businesses. A strategy of building a redundant network will encourage uptime for organisations through enhanced security measures and alternative traffic routes.

“At LINX, for example, we offer two independent network fabrics in the London Metro area, LON1 and LON2, using different network topology and underlying fibre infrastructure. This offers our members two options to connect to their peering partners and maximise their uptime.”

The Cyber Security and Resilience Bill is set to be introduced later in 2025 to combat the growing range of online threats and protect the UK’s digital services as part of kickstarting economic growth.

Technology Secretary Peter Kyle said: “Economic growth is the cornerstone of our Plan for Change, and ensuring the security of the vital services which will deliver that growth is non-negotiable.

“Attempts to disrupt our way of life and attack our digital economy are only gathering pace, and we will not stand by as these incidents hold our future prosperity hostage.

“The Cyber Security and Resilience Bill will help make the UK’s digital economy one of the most secure in the world – giving us the power to protect our services, our supply chains, and our citizens – the first and most important job of any government.”