UK Government outlines bill to strengthen cybersecurity

The UK Government has announced it will introduce the Cyber Security and Resilience Bill to create new rules designed to protect critical infrastructure from attackers.

The bill, announced as part of the King’s Speech, will push more firms to implement better cybersecurity defences and strengthen public sector cybersecurity.

The industry reaction:

Guy Golan, CEO, Executive Chairman and Co-Founder of global cybersecurity firm Performanta, said: “Following the King’s Speech and the introduction of the new Cyber Security and Resilience Bill, I commend the King and the government for bringing this issue to the forefront of British politics and governance. Our digital footprint has a growing impact on our physical and emotional presence, it affects people’s lives, emotions and decisions, and it is important that it is addressed at both the public and the private level.

“Cybersecurity plays a vital role in all the usual features of government policy including health, education, infrastructure, privacy, the processing of data, and finance and banking. It’s a tremendous threat not just for the private sector but for the stability of the country, its democracy and its foreign policy. With a number of significant attacks on large corporates but also the government and the NHS itself, it’s about time that decisive action was taken in response to this threat.”

Dominic Trott, Director of Strategy & Alliances at Orange Cyberdefense, Europe’s largest MSSP and expert security arm of the Orange Group, said: “Any steps to further strengthen our defences and ensure that more essential digital services than ever before are protected must be welcomed. Over the past year we have seen a series of attacks on organisations providing critical services to the UK. In the healthcare sector, for example, the pressures that hospitals have faced have been heightened by the growing threat of cybercriminals who have brazenly targeted the critical systems of the most vulnerable.  

“According to our own data there were 69 cyber extortion attacks on healthcare businesses during Q1 of this year, up more than 100% from Q1 in 2023. To combat this, organisations must optimise access to skills, adoption of appropriate processes and the right use of technology to achieve cyber-resilience. It is pleasing to see that the Bill will make updates to the legacy regulatory framework by expanding the remit of the regulation to protect supply chains, which are an increasingly significant threat vector for attackers.”

Trevor Dearing, Director of Critical Infrastructure at Illumio, commented on the importance of prioritising the strengthening of public sector cybersecurity.

“This year has proven again how a cyberattack on our public services has long term financial and societal impacts,” he said.

“It’s therefore good to see that the new government is prioritising strengthening cybersecurity of public bodies, especially the NHS and MoD. Security amongst the public sector is too fragmented and a step towards a more centralised plan will be beneficial for a unified security posture, better suited to defend against modern cyberthreats.  

“Increased powers for regulators and reporting will be critical for building cyber-resilience, however, regulation will only be successful if accompanied with additional funding for public bodies, otherwise all that will happen is that regulations create an unrealistic goal that is cost-prohibitive to implement.   

“It’s also important that we see a strong emphasis on supply chain security given that third-party providers form the lifeblood for government departments. Cybercriminals will always go after the weakest link in the chain to gain access to more valuable systems, so we must recognise the inevitability of a breach from suppliers and mitigate risk accordingly. A risk-based approach to security is key to achieving this, making sure that the most threatened services get the most resources.

“I’d also like to see further steps taken to reduce the risk from legacy systems across all public services. This technology accounts for 30-50% of all IT services in the NHS, so we need to see extra funding and support to help trusts replace systems as soon as possible. The cost of upgrades and replacements will be well worth it if it helps reduce the chances of multi-million-pound breaches.” 

Dr Marc Warner, CEO, Faculty AI, an AI firm that has worked with several government departments, said: “Whilst tighter rules around frontier systems are sensible, Labour must guard against regulatory overreach.

“AI has been safely and successfully used for decades – from predicting travel times, spotting bank fraud, or reading patient scans. 

“Embracing these ‘narrow’ applications – AI tools with specific, predetermined goals set by humans – should be the priority. Cracking down here would only stifle growth and hamper innovation – as well as robbing the public of better, faster and cheaper public services.

“Starmer should release the handbrake on narrow AI, whilst implementing sensible rules around advanced, more general systems. This Bill looks to be a good start on that journey.”
