Skip to content

Open Consultation - Embedding Standards and Pathways Across the Cyber Profession by 2025

Council news

12:00 Wednesday, 19 January 2022

UK Cyber Security Council

Today sees the launch of the UK government's latest consultation to drive up security standards in outsourced IT services used by almost all UK businesses through the provision of new laws.

Other proposals being published today include making improvements in the way organisations report cyber security incidents and reforming legislation so that it is more flexible and can react to the speed of technological change.

This consultation will ensure that we have the powers to raise the bar and create a set of agreed qualifications and certifications so those working in cyber security can prove they are properly equipped to protect businesses online.

The plans follow recent high-profile cyber incidents such as the cyber attack on SolarWinds and on Microsoft Exchange Servers which showed vulnerabilities in the third-party products and services used by businesses can be exploited by cybercriminals and hostile states, affecting hundreds of thousands of organisations at the same time.

They also follow an increase in ransomware threats to organisations, including some in critical national infrastructure such as the Colonial Pipeline attack in the US.

Minister of State for Media, Data, and Digital Infrastructure, Julia Lopez, said: “Cyber attacks often succeed because criminals and hostile states exploit vulnerabilities in businesses’ digital supply chains and outsourced IT services. The plans we are announcing today will help shield essential services from cyber threats and lead to a better organised cyber profession which can continue to grow, innovate and protect people online. Every UK organisation must take their cyber resilience seriously. It is not an optional extra.”

Simon Hepburn, CEO of the UK Cyber Security Council, said: “The UK Cyber Security Council is delighted that these proposals recognise our cyber workforce lead role that will help to define and recognise cyber job roles and map them to existing certifications and qualifications. We look forward to being involved in and contributing to this important government consultation and would encourage all key stakeholders to participate too.”

To make the UK more secure and help prevent these types of attacks the government is aiming, through new legislation, to take a stronger approach to getting at-risk businesses to improve their cyber resilience as part of its new £2.6 billion National Cyber Strategy

For more information about the consultation visit the gov.uk website.