Policy paper

Cyber Security Incentives & Regulation Review: Call for Evidence

A call for evidence to help improve cyber security across the UK economy.



This call for evidence has now closed.

You can read the outcome of the call for evidence here. _____________________

The Government ran a Call for Evidence on improving cyber security across the economy in November and December 2019.

You can read the news story here.

The Call for Evidence supports the Government’s Review of Cyber Security Incentives and Regulation, which is looking at how the Government can help organisations better protect themselves online.

The review will:

  • help to understand the barriers which prevent organisations from improving their cyber security
  • understand the effectiveness of existing interventions, including regulations like GDPR and the NIS Directive, and other guidance and support
  • develop a range of policy proposals to address any gaps.

The Government encouraged industry and other stakeholders to respond to the Call for Evidence to help us understand the apparent lack of strong commercial rationale for investment in cyber security. We wanted to understand how using market levers could incentivise better cyber security risk management, including what Government action would help key industry groups that manage market risk - such as investors, the insurance industry, consultancies, and audit firms - drive improvements across the economy.

We wanted evidence on how we can help industry better manage cyber risk, e.g. by providing better information on how secure organisations are, or greater information sharing on the cost and likelihood of cyber attacks.

This work supports the Government’s National Cyber Security Strategy 2016-2021, which is backed by £1.9 billion investment and is helping to make the UK the safest place to live and do business online.

The Call for Evidence ran from 4 November 2019 until Friday 20 December 2019. The Government will respond during 2020 as part of the wider Review of Cyber Security Incentives and Regulation.

If you have any questions about the review you can email the review team at cyber-review@culture.gov.uk or write to:

Cyber Review - room 4/47
Department for Digital, Culture, Media and Sport
100 Parliament Street

Published 4 November 2019
Last updated 21 December 2019 + show all updates
  1. The Call for Evidence has now closed. The Government will respond during 2020 as part of the wider Review of Cyber Security Incentives and Regulation.

  2. First published.