Policy paper

DSIT cyber security newsletter - April 2025

Published 16 April 2025

1. Director’s message

The days are getting longer, the weather is getting warmer, and Rory McIlroy has finally completed his Grand Slam in the Men’s Golf – it seems like there’s a lot of change in the air, and the same is true on the cyber front here at DSIT too.
 
To begin with, we saw the publication of the much-anticipated policy statement for the Cyber Security and Resilience Bill on 1 April, supported by a blog post from the National Cyber Security Centre and a written statement to Parliament from Minister Clark. This is a crucial milestone on our journey towards introducing this new legislation later in the Parliamentary session.
 
We have also worked hard over the past year to develop the Cyber Governance Code of Practice, which was published on 8 April. The Code sets out how boards and directors can ensure they are managing their digital risks effectively, supported by a new training package from the National Cyber Security Centre. All medium and large businesses stand to benefit from using these tools, which have been developed closely in partnership with industry stakeholders.
 
Looking forward, I hope to be able to see some of you at CyberUK in Manchester in May, one of the highlights for the UK cyber security sector.
 
Until then, I hope you will be able to enjoy the (hopefully) continuing lovely weather and have a great spring break over the Easter holiday. 

Rod Latham 

Director, Cyber Security and Digital Identity

2. New policy statement for the Cyber Security and Resilience Bill

The government has set out the scope and ambition of the Cyber Security and Resilience Bill in a new policy statement. The statement details the confirmed and proposed measures in the Bill, including bringing firms providing essential IT services into the scope of regulations, improving incident reporting requirements and updating regulators’ powers.

Please see the press notice for further details.

3. Cyber Governance Code of Practice launched

On Tuesday 8th April, DSIT launched the Cyber Governance Code of Practice, which brings together the critical governance areas that directors need to take ownership of in one place, in a form that is simple to engage with.

The Cyber Governance Code of Practice forms part of the government’s free package of support on cyber governance and should be the first point of reference for board members. The Code has received backing from across UK industry with organisations including the Institute of Directors, EY and Zurich welcoming the launch.

The Code is underpinned by the NCSC’s new online training which will help boards and directors to implement the Code, a detailed Board Toolkit with further practical guidance and a mapping document that sets out how the Code relates to existing standards and frameworks.

4. Cyber security breaches survey 2025

This month we have published the latest edition of the Cyber Security Breaches Survey. The survey explores the policies, processes and approach to cyber security for businesses, charities and educational institutions. It also considers the different cyber attacks and cyber crimes these organisations face, as well as how these organisations are impacted and respond.

Just over four in ten businesses (43%) and three in ten charities (30%) reported having experienced any kind of cyber security breach or attack in the last 12 months. This equates to approximately 612,000 UK businesses and 61,000 UK charities that identified a cyber breach or attack in the past year.

5. Plans to boost cyber skills and diversity backed by IBM

IBM has agreed to partner with DSIT and the National Cyber Security Centre to help support the CyberFirst Girls competition, a UK-wide programme open to girls aged 12 and 13. IBM will be providing the online platform for the competition in 2025 enabling participants to engage and collaborate online.
 
The CyberFirst Girls Competition is currently run by the NCSC and more than 85,000 students across the country have taken part since its launch in 2017. To support the next generation of cyber talent, IBM will provide the platform for the 2025 edition of the competition.

6. New resources to promote Cyber Essentials

DSIT and the NCSC have produced new resources to support the Cyber Essentials scheme and explain the benefits for businesses and organisations. These include two short videos giving more details on Cyber Essentials and explaining how the scheme can be used as a supply chain assurance tool. There are also a set of infographics detailing the how the scheme works and what support is available to users.

Please visit the Cyber Essentials page for the videos, and visit the resources pages for the infographics.

7. Unmasking cyber violence: awareness, action & advocacy workshop at Aston University, 17 March 2025

In March the Cyber Security Innovation Centre at Aston University led a workshop to bring together academia, charities and third sector organisations, law enforcement and government to improve understanding of Cyber Violence against Women and Girls, as part of a project which has received funding from the Cyber Local programme.

Over the course of the day, around 100 attendees heard from speakers including Detective Superintendent Michelle David from West Midlands Police about the scale of the challenge both in the West Midlands and nationally; Farah Naz, advocate and the aunt of Zara Aleena; Kirat Assi, whose experiences of being catfished were documented in the Sweet Bobby podcast; as well as survivors, experts in digital coercive control, lawyers and the West Midlands Regional Cyber Crime Unit. The workshop will form part of the evidence base which the project will use to better define, understand and address this issue.