New cyber guidance calls for more defined roles and responsibilities when it comes to managing risk. For example, the latest UK Government cyber guidance, the DSIT Cyber Governance Code of Practice confirms CEOs and the board can no longer entirely delegate cybersecurity to the chief information security officer (CISO). How can other business leaders take ownership of their role in cybersecurity using this guidance?
Faced with ongoing cyber threats to public and private institutions, the UK’s Department for Science, Innovation and Technology (DSIT) published its Cyber Governance Code of Practice 2025, plus accompanying guidance. The guidance seeks to help senior leaders manage and mitigate their organizations’ exposure to malicious cyber activity. It emphasizes the role directors and board members play in cyber governance, distinct from that played by dedicated cybersecurity professionals, such as the CISO.
In this insight, we examine the key implications of the guidance, before looking at the benefits for strategic leaders of following the DSIT cyber code and its parameters, whether you are an organization based in the UK, or if you have a subsidiary or…
