The government has said that new laws are needed to drive up security standards in outsourced IT services used by nearly all UK companies.

Other proposals published this week include improving the way businesses report incidents and reforming legislation so that it’s “more flexible” and able to react to the speed of technological change.

It suggested that the UK Cyber Security Council, which regulates the cyber security profession, should take on powers to allow it to develop qualifications and certifications so that people working in the sector can prove they are equipped to protect companies online.

The move comes after a number of high-profile incidents hit headlines last year, including a cyber-attack on SolarWinds and Microsoft Exchange Servers.

“Cyber attacks are often made possible because criminals and hostile states cynically exploit vulnerabilities in businesses’ digital supply chains and outsourced IT services that could be fixed or patched,” said Julia Lopez, minister of state for media, data, and digital infrastructure. “The plans we are announcing today will help protect essential services and our wider economy from cyber threats.

“Every UK organisation must take their cyber resilience seriously as we strive to grow, innovate and protect people online. It is not an optional extra.”

The government said it is aiming to use new legislation to take a stronger approach to improving cyber resilience as part of its new £2.6 billion National Cyber Strategy.

Share Story: