Westminster eForum

For booking-related queries or information on speaking please email us at info@forumsupport.co.uk, or contact us: +44 (0)1344 864796.

Next steps for cyber security policy and regulation in the UK

Cyber Security and Resilience Bill | supply chain resilience | incident reporting | threats & ransomware | skills | AI & emerging technology | data collection & sharing | consumer protection | geopolitical landscape

TO BE PUBLISHED May 2025


Starting from: £99 + VAT
Format: DOWNLOADABLE PDF


This conference will assess next steps for cyber security policy and regulation in the UK.


It will be an opportunity for stakeholders and policymakers to assess priorities for the design and implementation of updated legislation to improve the cyber resilience of businesses, service providers, critical national infrastructure, and individuals in the UK. Delegates will assess next steps for proposed changes to Network and Information Systems (NIS) Regulations through the anticipated Cyber Security and Resilience Bill.


Cyber Security and Resilience Bill
With the Bill expected to be introduced into Parliament shortly, delegates will consider the way forward for expanding the regulatory scope to better protect supply chains and incorporate digital services. Attendees will look at issues for organisations, and what will be needed to comply with new regulations, together with priorities for developing capabilities among businesses and sector regulators.


Proposals for mandating increased incident reporting will also be discussed, including strategies for sharing cyber attack data safely, and considerations for managing the administrative burden, particularly for smaller organisations. We also expect delegates to bring out latest thinking on alignment of reporting requirements with international standards such as the EU NIS2 Directive, which requires only significant incidents to be reported to national authorities.


Ransomware and reporting
The conference will also be an opportunity to examine priorities for protecting against ransomware, as the Home Office consults on proposals aimed at reducing payments made by victims of such attacks. Delegates will discuss the efficacy of targeted bans for CNI and public sector bodies, looking at how a wider payment prevention scheme might operate, and key considerations for the creation of a reporting regime with thresholds and exemptions.


Priorities for tackling ransom payments will be discussed, looking at best practice for businesses, SMEs, and senior leaders, with the Counter Ransomware Initiative led by the UK and Singapore strongly discouraging ransom payments in guidance published in October 2024.


Latest geopolitical developments and implications for cyber resilience in the UK will also be explored, with the BBC recently reporting that the US administration has paused cyber operations against Russia.


Supply chain resilience, Cyber Essentials and AI
The conference will bring out latest thinking on increasing resilience in supply chains and procurement frameworks, as DSIT commits to supporting six banks in expanding the role of the Cyber Essentials scheme.


Delegates will also examine priorities for raising cybersecurity standards across the wider economy, including the way forward for businesses and consumers in navigating opportunities and challenges posed by emerging technology and AI. We expect discussion on how industry, senior leaders, developers, and AI adopters can effectively implement guidance in the AI Cyber Security Code of Practice and forthcoming Cyber Governance Code of Practice.


Skills
Strategic priorities for improving cyber skills, governance, and literacy of senior leaders and the UK workforce more widely will be discussed, with policy recommendations from the International Coalition on Cyber Security Workforces including prioritisation of interoperability of standards, alongside cooperation towards overcoming barriers to career progression.


International
Further discussion is expected on key considerations for UK policy and stakeholders, following implementation of the EU NIS2 Directive, which aims to address supply chain and supplier security, streamline reporting obligations, and increase information sharing on cyber crisis management. Delegates will assess the impact of the UK’s Product Security and Telecommunications Infrastructure regime on consumer and industrial internet of things, as well as key considerations for alignment with the EU Radio Equipment Directive applying to all internet-connected products from August 2025.


We are pleased to be able to include keynote sessions with: Nick Dodd, Head, Regulatory Policy, Cyber Security and Resilience Bill, DSIT; and Toby Lewis, Global Head, Threat Analysis, Darktrace.


Overall areas for discussion include:


  • policy: priorities for the Cyber Security and Resilience Bill - options for introducing incentives for compliance with new regulations - key considerations for policy agility moving forward
  • regulation: issues and responsibilities for businesses and service providers, including managed and digital service providers - regulator capacity for monitoring and enforcing compliance
  • incident reporting: assessing practical considerations for increased reporting obligations on businesses and organisations - support for start-ups and SMEs - issues around reporting timescales
  • data protection: strategies for streamlining data collection on cyber attacks - ways forward for ensuring secure and efficient data sharing
  • standards: Cyber Essentials scheme expansion - enhancing supply chain security, including across the wider economy - due diligence processes - provision of support needed for SMEs
  • skills: strategies for effective delivery of cyber security training - addressing gaps in the talent pipeline - the way forward for international collaboration
  • international practice: implementation of the EU NIS2 Directive - key considerations for UK stakeholders and policymakers

All delegates will be able to contribute to the output of the conference, which will be shared with parliamentary, ministerial, departmental and regulatory offices, and more widely. This includes the full proceedings and additional articles submitted by delegates. As well as key stakeholders, those due to attend include officials from DSIT; NCSC; ICO; Ofcom; NCA; GLD; DHSC; DESNZ; DBT; DWP; HSE; HRA; Ofgem; Home Office; and the Welsh Government.



This on-demand pack includes

  • A full video recording of the conference as it took place, with all presentations, Q&A sessions, and remarks from chairs
  • An automated transcript of the conference
  • Copies of the slides used to accompany speaker presentations (subject to permission)
  • Access to on-the-day materials, including speaker biographies, attendee lists and the agenda