IT companies could be forced to follow new cyber rules under new measures designed to improve the cyber security of digital supply chains.

The government said that IT service providers could be required to follow new rules such as the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework as part of the new proposals.

Other plans include new procurement rules to ensure the public sector buys services from firms with good cyber security and plans for improved advice and guidance campaigns to help businesses manage security risks.

The move follows a consultation by the Department for Digital, Culture, Media and Sport (DCMS) to enhance the security of digital supply chains and third party IT services, which are used by firms for things such as data processing and running software.

New government-issued research found that 91 per cent of chief executives and directors of Britain’s top companies see cyber threats as a high or very high risk to their businesses. But nearly a third of leading businesses are “not taking action” on supply chain cyber security, with only 69 per cent of those surveyed saying their organisation actively manages supply chain cyber risks.

“As more and more organisations do business online and use a range of IT services to power their services, we must make sure their networks and technology are secure,” said minister for media, data and digital infrastructure, Julia Lopez. “Today we are taking the next steps in our mission to help firms strengthen their cyber security and encouraging firms across the UK to follow the advice and guidance from the National Cyber Security Centre to secure their businesses’ digital footprint and protect their sensitive data.”

Share Story: