Cyber governance code of practice

Cyber Governance Code of Practice: IET comments to the Department of Science, Innovation and Technology on 13 March 2024.

The IET welcomes and broadly supports the Cyber Governance Code of Practice call for evidence from the Department of Science, Innovation and Technology. 

Our key points are as follows:

• Having a Cyber Governance code of practice would be a very useful tool for directors. Cyber needs to be a key topic for C-suite discussions, given the proliferation of the digital economy, the growth of systems of systems and the threat of cyber disruption that could severely damage business continuity and competitiveness.
• Guidance must be proportionate, applicable, scalable, and understandable by non-specialists, applied equally to smaller/larger organisations, and take account of the sensitivity and connectedness of the environment in which the business operates. Complexity would lessen adoption.
• There should be a recognition of professionalism for cyber security practitioners. The IET supports engineers and technicians in gaining Professional Registration with such organisations as the Engineering Council and the UK Cyber Security Council.
• End to end cyber resilience throughout the supply chain is essential.
• Tool such as checklists for regular cyber health checks, incident response planning and indicators of good practice should be included with the Code.
• Collaboration with / promotion by industry and professional bodies will help the spread and adoption of the Code throughout public/private supply chains. Training will likewise support awareness and adoption.
• Independent audits would provide the most credible form of regular assurance around Code compliance. Financial incentives could be introduced to encourage regular cyber security assessments.