The UK government has issued a new Cyber Governance Code of Practice aimed at formalising how medium and large organisations govern cybersecurity risks. The Department for Science, Innovation and Technology (DSIT) launched the code with support from the National Cyber Security Centre (NCSC), and industry associations including the Institute of Directors.
The new code establishes a framework for boards and directors to oversee cyber risk across five domains, which include risk management, strategy, people, incident response and recovery, and assurance. It outlines clear responsibilities for board-level oversight and is accompanied by training modules and a cybersecurity toolkit provided by the NCSC. While the framework targets medium and large enterprises, small businesses are also encouraged to consult related…
