The NCSC is concerned to ensure that Boards understand their responsibilities in relation to enhancing the efforts of their companies in cyber security. They would like to see the 90% of Boards that see cyber risk as a critical priority increased to 100%.
Ministers and the NCSC have written to many businesses to indicate 3 steps that businesses should take urgently -
- Make cyber risk a Board level priority using the cyber governance code of practice
- Sign up to the NCSC's early warning service
- Require cyber essentials in your supply chain
The BRC works closely with NCSC including regular meetings for members online and in person.
The Code of Practice covers actions in 5 areas - Risk management; strategy; people; incident planning, response and recovery; assurance and oversight
The letter can be downloaded and includes links to the Code.