Morning, Tuesday, 20th May 2025
Online
This conference will assess next steps for cyber security policy and regulation in the UK, including development and implementation of proposed updates to cyber security legislation.
It will be an opportunity for stakeholders and policymakers to assess priorities for improving resilience of UK businesses and critical national infrastructure, as well as provisions in the anticipated Cyber Security and Resilience Bill. Discussion is expected on proposed updates to the Network and Information Systems (NIS) Regulations, as well as the way forward for managed service providers in demonstrating compliance, following the DSIT consultation on the impact of widening the regulatory scope. Delegates will also assess proposals for increased incident reporting, including the support needed for SMEs, priorities for efficiency and privacy of data-sharing, and key considerations for tackling ransom payments.
The conference will bring out latest thinking on increasing resilience in supply chains and procurement frameworks, as DSIT commits to supporting six banks in expanding the role of the Cyber Essentials scheme to manage risk. Delegates will also examine priorities for raising cyber security standards across the wider economy, as well as next steps for businesses and organisations in the voluntary adoption of the AI Cyber Security Code of Practice and forthcoming Cyber Governance Code of Practice.
Strategic priorities for improving cyber skills will also be discussed, with policy recommendations announced by the International Coalition on Cyber Security Workforces including prioritising interoperability of standards and cooperating on overcoming barriers to career progression.
Further discussion is expected on key considerations for UK policy and stakeholders and policymakers, following implementation of the EU NIS2 directive that aims to address supply chain and supplier security, streamline reporting obligations, and increase information sharing on cyber crisis management.
With the agenda currently in the drafting stage, overall areas for discussion include:
- policy: priorities for the Cyber Security and Resilience Bill - options for introducing incentives to comply with new regulations - key considerations for legislative agility moving forward
- regulation: managed service and digital service providers - issues and responsibilities for businesses and service providers - regulator capacity for monitoring and enforcing compliance
- incident reporting: assessing practical considerations for increased reporting obligations on businesses and organisations - support for start-ups and SMEs - issues around reporting timescales
- data protection: strategies for streamlining data collection on cyber-attacks - ways forward for ensuring secure and efficient data sharing
- standards: expansion of the Cyber Essentials scheme - strategies for enhancing supply chain security and across the wider economy - due diligence processes - provision of support needed for SMEs
- skills: strategies for effective delivery of cyber security training - addressing gaps in the talent pipeline - the way forward for international collaboration
- international best practice: implementation of the EU NIS2 directive - key considerations for UK stakeholders and policymakers
