Starmer's Cyber Security Bill Still MIA, Leaving UK Businesses Exposed
The Starmer government has yet to announce a specific date for introducing the Cyber Security and Resilience Bill (CSRB). Despite its importance, the bill's debut has been delayed, leaving businesses vulnerable to cyber threats.
Cybersecurity expert Ciaran Martin has highlighted a mismatch in the current regulatory posture, urging prioritization of service continuity over data breaches. This comes amidst high-profile attacks on British companies like Jaguar Land Rover, Marks & Spencer, and the Co-op. The existing NIS Regulations require service providers to manage organizational risk, including human factors, but the CSRB was finalized three years ago and still awaits introduction.
The bill's delay is not new. The previous government's similar law was held up due to a cabinet reshuffle. Four individuals were arrested in connection with the Marks & Spencer and Co-op attacks but later released on bail. Tata Consultancy Services (TCS), a managed service provider, was investigated as a potential vector for the Marks & Spencer attack but denied any compromise. The government warned in 2022 that managed service providers (MSPs) are attractive targets for cyber threats.
Minister for Business Chris Bryant has only promised the CSRB's introduction 'soon', without a specific date. With no clarity on the bill's arrival, businesses must remain vigilant against evolving cyber threats.
