Paul Walsh is Practice Lead, Digital Transformation, and Head of European Consulting for Capital Markets at Treliant. He is an accomplished change leader, with more than 25 years’ experience and a proven track record of delivering large-scale transformation programmes across business and technology in complex global banking environments. He has…
- Source: gov.uk
The UK government is consulting on new measures to improve cybersecurity in British businesses as part of a £2.6 billion National Cyber Strategy following recent high-profile cyber-attacks. At Treliant, we’re experts in transformation around data, finance, risk, and regulation, using cloud and on-premises data warehouses, big data platforms, and FinTech and RegTech solutions. We’ve been helping leading financial institutions in this area for over a decade.
A recent report by the UK government highlights the need for new laws to increase security standards in outsourced IT services used by almost all UK businesses, including making improvements to how organizations report cybersecurity incidents.
The UK government has launched a consultation into amending the Network and Information Systems (NIS) Regulations, including proposals to:
- Expand the scope of the NIS Regulations to include managed services. These services are typically provided by companies that manage IT services for other organizations.
- Require large companies to improve cyber incident reporting to regulators such as Ofcom, Ofgem, and the ICO.
- Enable the UK government to future-proof the NIS regulations and bring into scope more organizations that provide critical support to essential services.
- Allocate all relevant costs incurred by regulators for enforcing the NIS regulations from the taxpayer to the organizations covered by the legislation to create a more flexible finance system.
- Update the regulatory regime so the most critical digital service providers in the economy must demonstrate proactively they are following NIS.
The report includes proposals to reform legislation to increase its flexibility and react at the same pace as technological change. It has also been suggested that the UK Cyber Security Council be given powers to create a set of qualifications and certifications, so those working in cybersecurity can prove they are adequately equipped to protect businesses online.