The UK government, in collaboration with the National Cyber Security Centre (NCSC), has recently introduced the Cyber Governance Code of Practice. This initiative aims to enhance the UK’s national resilience to cyber threats by providing senior leadership within organisations with practical guidance for managing cyber risk as a core element of business governance. The Code recognises that cybersecurity is not just an IT issue, but a strategic business risk where board-level engagement is essential.
Key features of the Code include:
- Board-Level Accountability: Directors are encouraged to lead on cybersecurity governance, aligning cyber risk oversight with other critical business risks.
- Actionable Guidance: The Code includes structured, practical steps that boards can implement immediately to strengthen cyber oversight.
- Digital Learning Tools: The Code is accompanied by tailored training modules and integrates with the NCSC's existing Cyber Essentials framework.
- Voluntary but Strongly Recommended: The Code is targeted particularly at medium and large organisations, but is also applicable to critical small businesses.
The Code covers five core cyber governance areas, each with guiding actions for boards to assess their readiness:
- Risk Management
- Strategy
- People
- Incident Planning, Response and Recovery
- Assurance and Oversight
Griffiths & Armour recommends that organisations review their cyber risk management practices against this new standard, which is available here.
To support our clients, we can conduct cyber insurance assessments that reduce cyber risk and improve understanding of cyber risk exposure, informing the insurance risk transfer strategy. Further cyber risk and cyber incident response guidance, supplemented by template policies, plan documentation and e-learning, is available via RMworks, which is open to all Griffiths & Armour clients. For further information and support, please get in touch.