Cyber security incentives & regulation review: government response to the call for evidence
A summary of evidence received by the government as part of the Review of Cyber Security Incentives & Regulation, plus associated research publications.
Documents
Details
The government wants to improve the cyber security of organisations across the economy and society. To support this we are currently conducting a Review of Cyber Security Incentives & Regulation. As part of the review, the government held a Call for Evidence between 4 November and 21 December 2019. This document provides a summary of the evidence we received.
We are also publishing a number of other documents and research reports, which are part of our work to improve the evidence base. These will help us understand what works and how government and industry can best work together to improve cyber risk management across the economy. The descriptions of these reports are set out below and you can download them from the list above.
The overall objective of this work is to help us grow a strong and resilient digital economy, and support our objective set out in the National Cyber Security Strategy to the make the UK the safest place to live and work online.
The Impact of GDPR on Cyber Security Outcomes
This research sought to understand the impact of the introduction of the GDPR in 2018 on organisational cyber security outcomes. This research will inform the forthcoming review of the UK regulatory framework.
Feasibility of a Longitudinal Cyber Security Survey
This research sought to investigate the feasibility of creating a new longitudinal study of large organisations’ cyber security and governance practices. Such a study would allow DCMS to conduct analysis on the link between large organisations’ cyber security behaviours and the likelihood of experiencing a breach over time.
The full cost of cyber security breaches
This research sought to better understand the full costs of cyber security breaches, through the creation of a methodology for categorising and grouping costs. This research will be used to form part of the evidence base on the impact of cyber security breaches for organisations.