The Call for Evidence supports the Government’s Review of Cyber Security Incentives and Regulation, which is looking at how the Government can help organisations better protect themselves online.
The review will:
help to understand the barriers which prevent organisations from improving their cyber security
understand the effectiveness of existing interventions, including regulations like GDPR and the NIS Directive, and other guidance and support
develop a range of policy proposals to address any gaps.
The Government encouraged industry and other stakeholders to respond to the Call for Evidence to help us understand the apparent lack of strong commercial rationale for investment in cyber security. We wanted to understand how using market levers could incentivise better cyber security risk management, including what Government action would help key industry groups that manage market risk - such as investors, the insurance industry, consultancies, and audit firms - drive improvements across the economy.
We wanted evidence on how we can help industry better manage cyber risk, e.g. by providing better information on how secure organisations are, or greater information sharing on the cost and likelihood of cyber attacks.