Policy paper

2022 cyber security incentives and regulation review

This review details the progress made in improving cyber resilience in recent years and sets out further government intervention to protect organisations online

This was published under the 2019 to 2022 Johnson Conservative government

Documents

Details

As part of the £2.6 billion National Cyber Strategy 2022 the government is working to improve the cyber resilience of individuals and organisations across the UK economy.

This review details the progress made in improving cyber resilience between 2016 and 2021, and provides evidence and analysis as to why further action needs to be taken to ensure we are effectively managing cyber risk in the UK.

This review is a follow up to the 2016 Cyber Security Regulation and Incentives Review which considered whether there was a need for additional regulation or incentives to boost cyber risk management across the economy.

Since then, the government has implemented the General Data Protection Regulation (GDPR) / Data Protection Act 2018 and the Security of Network and Information Systems Directive 2018. The 2022 review assesses the impact of this legislation and sets out further actions the government intends to take to ensure businesses and organisations across the digital economy are sufficiently protected against cyber threats.

Alongside this review, the government is consulting on proposals for legislative changes to drive up levels of cyber resilience, particularly in organisations which play an important role in the UK economy, like managed IT service providers.

In addition, a separate consultation on embedding standards and pathways across the cyber profession by 2025 is also being published. This details proposals for how a stronger cyber security profession can support better cyber resilience.

For more information, read the press notice.

Updates to this page

Published 19 January 2022

Sign up for emails or print this page