On Monday, 30 September 2024, the Department for Science, Innovation and Technology (DSIT) published an update on the upcoming Cyber Security and Resilience Bill (CSR). We missed the announcement at the time, but in truth, there is little here that wasn't already outlined in the King's Speech in July. The key CSR provisions remain the same:
- Expand the remit of the regulation to protect more digital services and supply chains by filling a gap in our defences to prevent similar attacks experienced by UK critical public services, such as the recent ransomware attack on Synnovis that impacted several London hospitals and GP services.
- Put regulators on a strong footing to ensure essential cyber safety measures are implemented, including potential cost recovery mechanisms to provide resources to regulators and powers to proactively investigate potential vulnerabilities;
- Mandate increased incident reporting to give the government better data on cyberattacks, including where a company has been held for ransom.
The update clarifies that the CSR Bill will be introduced to Parliament in 2025 and that the government is working with stakeholders to gather input and will issue further communications in due course.
Additional commentary in ComputerWeekly.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 4,350 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.
