New guidance published to help boards and directors govern their organisations’ cyber security risks more effectively

Published
4/11/2025

Following the 2024 Call for Views on the Cyber Governance Code of Practice, the Department for Science, Innovation and Technology (DSIT) has published practical guidance to help boards and directors govern their organisations’ cyber security risks more effectively.

The Code of Practice is part of a broader government agenda to support cyber governance for board members across the UK. Developed in partnership with the National Cyber Security Centre (NCSC) and industry leaders, the Code is designed to help boards take action, strengthen accountability and reduce risk in their organisations.

To further support this, the Code is accompanied by Cyber Governance Training and the Cyber Security Toolkit for Boards, both of which aim to deepen directors' understanding of cyber security risks and strengthen how boards govern them.

What is the Cyber Governance Code of Practice?

The Code outlines the most critical governance responsibilities for directors. It is tailored for boards of medium to large public and private sector organisations. While not directly aimed at smaller organisations, they are encouraged to consider its principles and consult the NCSC website for further guidance.

The Code is supported by two resources: Cyber Governance Training and the Cyber Security Toolkit for Boards.

The five principles of the Code

The Code is structured around five principles, each of which sets out clear and actionable steps with associated training resources. These principles are designed to help directors and boards embed cyber resilience into their organisational culture and strategy.

  1. Risk management
  2. Strategy
  3. People
  4. Incident planning, response and recovery
  5. Assurance and oversight

Access the full Cyber Governance Code of Practice and accompanying materials here