The government has done a lot over the last few years to encourage good cyber security practices – from all the advice and guidance published by the National Cyber Security Centre, to the establishment of the Cyber Essentials standard, to the investment in information sharing spaces. But while practices and awareness have improved, the pace of change is slow and many companies still have a long way to go.
As a result, the government is now considering whether there are sufficient commercial incentives in place to drive the right behaviours in cyber security. GDPR has probably been the greatest driver of improvements in recent years – so do we need more regulation or stronger commercial sticks and carrots to change behaviour more quickly in practice?
DCMS has published a call for evidence on this topic and we are keen to get the input of members on how they make decisions about investment in cyber security, whether better information is needed and whether there is a need for a more standardised and assured approach to cyber risk management. We will be submitting a response to the consultation, and if you have any views or relevant experience you would like to contribute, please email firstname.lastname@example.org by early December.