The UK’s Cyber Security and Resilience Bill will boost standards – and increase costs
The emphasis on resilience means that providers will have to explain how they would recover from an incident and not simply avoid it. The new regulator of all this, the Information Commissioner’s Office (ICO), will be given teeth, the government indicated. That will mean the ICO will need more resources to meet this expanded and, in many ways, daunting remit.
What this means for enterprises is that the service providers, and probably major data center operators, will have to operate to more consistent standards. Broadly, this is positive, although many will already be working towards those standards under the influence of NIS2 regulations.
Why is it needed?
In 2024, the NCSC responded to 430 cybersecurity incidents, including 89 it said were rated as “nationally significant.” That included the large ransomware attack on the NHS pathology services provider Synnovis last June that ended up costing an estimated £32.7 million ($42 million) to fix.