UK government wants you to beef up cybersecurity
The UK government wants to make “sure companies have detailed plans in place to respond to and recover from any potential cyber incidents. The plan should be regularly tested so it’s as robust as possible. And it should have a formal system for reporting incidents also in place. Organisations are also encouraged to equip employees with adequate skills and awareness of cyber issues. This is so they can work alongside these new technologies in confidence.” So, let’s dive into the Cyber Governance Code of Practice call for views to see why the UK government wants you to beef up cybersecurity.
AI Cyber Security Code of Practice and International Standard
This call for views ended on the 9th of August, 2024. The goal was to collect thoughts on how to secure AI. This is so that the UK public and businesses can realise the benefits with fewer risks.
According to a recent survey, 68% of businesses are using at least one type of AI but nearly half had no specific cybersecurity standards in place. And “among those planning to use AI in the future, 25% said that their organisation would not have specific cyber security practices or processes in place explicitly regarding the AI technology, once the planned technologies were deployed, and a further 25% were unsure. Of those without or not intending to have specific AI cyber security practices or processes, there were a few key reasons as to why they had not adopted specific practices. 14% had not considered it or did not know enough about it, and 14% said they do not use AI for anything sensitive.”
However, we’ve already shown that AI is both a benefit and a huge risk to cybersecurity. So, it’s no surprise that the UK government wants you to beef up cybersecurity. This is even if you’re not planning to adopt the technology right away.
The Code of Practice for Software Vendors
At the same time that the AI call for views was ending, a call for evidence closed on a “draft code of practice for software vendors to improve the resilience and security of software.” The UK government is trying to save software vendors from common mistakes. These include ones in distribution and development, information sharing and the impact of supply chain attacks. These attacks, like watering hole, are having a real drag on the UK economy. And they have led to the 12 principles of supply chain security guidance recently published by the NCSC.
This code essentially asks businesses to understand their risk. Then they must establish formulaic controls, check their arrangements with suppliers and commit to continuous improvement. This guidance, combined with the future AI standards code, will help to strengthen the tech foundation of the UK. The goal is for all businesses and consumers to be better protected from negligence and bad actors.
If you’re one of the majority of businesses that are using AI but don’t have specific measures in place or who have a wide supplier pool and are unsure about your risk profile, let’s talk today. We can help you get up to speed with the latest updates and monitoring packages while creating a future roadmap.