Article

Category: Expertise strategy

The proposed Code of Practice on cybersecurity governance

Explore the UK Government’s latest draft on cybersecurity governance Code of Practice together with emagine’s expert, Trine Øksnebjerg.

Trine Øksnebjerg, Business Unit Director Security and Resilience, emagine

In an era where the digital landscape evolves daily, the importance of robust cybersecurity governance has never been more crucial for businesses. The UK Government has just unveiled its survey on the draft of Code of Practice on cybersecurity governance.  

Read the Code of Practice here.

By offering simple and action-oriented initiatives in key areas, the Code aims to support directors and boards to understand and act more effectively when dealing with cyber risks.   

 

What does the Code of Practice include? 

The proposed Code positions cybersecurity as a priority for businesses, acknowledging the critical impact that cyber-attacks can have.

Recent high-profile incidents have shown the vulnerability of software and digital supply chains, prompting the Government to propose safety measures to ensure security is a priority.  

The Code takes a view that is also shared by the EU Commission, which has, in their recent cyber legislation, like CRA, NIS2 and DORA, heightened the focus on a top-down approach with additional involvement of the management body in understanding their risk picture and the appropriate mitigating actions.

The Code emphasizes the need for a top-down approach to manage cybersecurity and, that cyber resilience should be an embedded part of the company strategy. Due to the impact and materiality on both business continuity and competitiveness, the Code stresses that cyber risks should be managed with the same level of importance as when managing financial and legal risks.  


 

The Code emphasizes the need for a top-down approach to manage cybersecurity and, that cyber resilience should be an embedded part of the company strategy.

 


The guidance is certainly a step in the right direction, and it will likely help businesses in their effort to better understand their risks and how they can improve their cybersecurity posture.  

Government intervention often raises the perceived seriousness of the problem, so businesses that haven’t yet grasped the potential risks involved with cybercrime may be more inclined to implement cyber protection strategies. And change is needed.

Illustration of a solid chain with code written in the metal

 The Cyber Security Breaches Survey 2023 found that while cybersecurity was seen as a high priority by 71% of senior management, this has not translated into action or greater ownership of cyber risk at the most senior level. Only 47% of SMEs and 64% of large organizations have a formal incident response plan in place.  

Read the Cyber Security Breaches Survey 2023 here.

Considering the critical importance of this kind of issue, the Code of Practice highlights how important it is for senior members of the team to take ownership and lead the organization to robust cyber governance. 

What challenges will businesses be dealing with?

 The guidance will encourage businesses to start assessing their cybersecurity across the organization, strategies, and processes - not just in IT. The extended use of digital technologies means that business resilience and management of cyber risks cuts across almost all areas of organizations. Considering this, ensuring a sufficient level of knowledge on cyber risks in all parts of the business will be key.  

The Code also takes this view, with the implementation of measures to enhance employee skills and awareness as an important element. It encourages organizations to prioritize investment in upskilling their workforce as an educated workforce is a formidable defence against cyber criminals. It’s crucial for employees to identify the signs to look out for as human error accounts for 80% of cyber incidents.

supply-chain-security_body-image-2

The general upskilling of employees should be supported by skilled cybersecurity experts, but this may be a difficult challenge to solve due to the current war for talent, especially within cybersecurity. Unfortunately, this problem is likely to persist - Gartner predicts that by 2025, over half of cyber incidents will stem from a lack of talent or human error. 

Read the article from Gartner here.

This not only affects the UK, as organizations worldwide are facing a shortage of qualified professionals equipped to tackle the complex and dynamic landscape of cyber threats. To make an impact, businesses need to stay one step ahead of cybercrime, which is up to each business to explore independently.  


 

The guidance will encourage businesses to start assessing their cybersecurity across the organization, strategies, and processes - not just in IT.

 


What else can organisations be doing to future proof cyber security?

 To ensure the chance of risks is reduced, businesses should: 

 

  • Identify the most important digital processes, information and services that are critical to the operation of the organization. 
  • Conduct regular risk assessments to identify changes internally and externally to adhere to regulations. 
  • Address cyber risks as part of the organization's broader risk management activities. 
  • Assess suppliers to make sure they are resilient against cyber risks associated with stakeholders and partners. 
  • Allocate resources and investment to develop all capabilities that manage cyber threats, such as upskilling employees. 
  • Encourage employees to take part in routine cyber security training and education programs so they are up to date with regulatory changes.  

Although the Code of Practice will be an invaluable framework for organisations, it must be understood that it is merely a tool. The efficacy of the Code lies in its adoption and implementation across sectors. As senior leaders, it is our responsibility to commit to adopting the recommendations. Effective cybersecurity requires commitment from top to bottom. 

The Code of Practice has requested feedback from businesses experiencing cyber issues firsthand. Views could be submitted up until 19th March 2024 and this presented an opportunity for senior leaders to actively shape cyber security advice to tackle risks together. 

Looking for an expert? 

Get in touch with our team today and get help with your cybersecurity defense strategy.

Blog

Read more

left-arrow
right-arrow

Consultants around a meeting table discussing KYC cases
Expertise strategy
Risk & Compliance

The future of preventing Financial Economic Crime and the importance of KYC

Understanding KYC protocols, AML regulations, and broader financial crime trends is vital for maintaining financial integrity. This article discusses key developments in compliance, KYC, and AML.

Expertise strategy
Tech & Development

New EU Act on Artificial Intelligence

Learn the ins and outs of the world’s first comprehensive legal framework on AI, the new EU AI Act and its anticipated impact on businesses.

Illustration of a solid chain with code written in the metal
Expertise strategy
Risk & Compliance

Digital Operational Resilience Act (DORA)

Here’s everything you need to know about the Digital Operational Resilience Act (DORA) which will apply from 17th January 2025.

Expertise strategy
Risk & Compliance

Proposed Code of Practice on cybersecurity governance

Explore the UK Government’s latest draft on cybersecurity governance Code of Practice together with emagine’s expert, Trine Øksnebjerg.

A business consultant ready to give a presentation at work.
Expertise strategy
Strategy, change & transformation

Embracing change as an opportunity for growth

In this article, we outline the best practices when it comes to navigating organizational change, including how to tackle challenges and maintain a clear vision when unprecedented issues arise.

Modern business environment with a man and woman in front of window facing a city
Expertise strategy

People-centric leadership: Tips for fostering digital wellbeing at work

This article equips team leaders with strategies for fostering digital wellbeing in the workplace, empowering them to guide their teams through the challenges that come with prolonged screen-time, hybrid work, and other factors of digitalisation in a modern workplace.

Expertise strategy
Strategy, change & transformation

Empower your teams through strategic thinking

This article considers why strategic thinking is crucial to effective leadership and explores some practical ways for leaders at all levels to develop this skill.

Consultants and advisors i an office space seen from above
Expertise strategy
Trends

Insights into 2024 business trends

With 2023 behind us and eyes fixed firmly on what opportunities 2024 will bring, Gillian Whelan, Country Manager of emagine Ireland, outlines five trends that will affect businesses this year.

Female consultant standing and writing on a desk
Expertise strategy
Risk & Compliance

Steering AML challenges: Embracing technology for a seamless future

Discover how to navigate AML challenges with automated processes and fortify your organization’s integrity and operations.

Bestshoring
Expertise strategy

Poland: An AI Centre of Excellence

AI is reshaping industries globally, and Poland’s thriving ecosystem positions it as a leader in AI development. emagine’s Cloud Administrator explores why Poland is a powerhouse in AI.

Business consultants conducting a meeting
Expertise strategy
Managed teams & Service
Staff augmentation

Managed Resourcing Services vs. Traditional Staff Augmentation

In the ever-evolving landscape of business operations, companies are constantly looking for ways to optimise their workforce strategies. Explore the two popular approaches that have gained prominence: Managed Resourcing Services (MRS) and traditional staff augmentation.

Expertise strategy
Risk & Compliance

Programme Governance: Top tips for success

In this article, we share some tips to navigate the intricate landscape of orchestrating interconnected projects and activities within a strategic framework.

Project manager at a meeting with his team.
Expertise strategy
Projects & Implementation

What has changed in PMBOK 7?

PMBOK is regularly updated to accommodate new trends, best practices, and developments in the field. How much has it changed between editions?

A team leader in front of her team
Expertise strategy
Projects & Implementation

The importance of leadership skills in a Project Manager

Behind every successful project lies a competent and visionary leader. In this article, we delve into the undeniable importance of leadership within project management and explore how effective leadership can be the driving force behind achieving project objectives.

Advisory & Solutions
Expertise strategy
Strategy, change & transformation

Building your PMO – Influence and Position

There are a number of things to consider when introducing a PMO. The Project Management Office fails far too often because of the wrong approach, and it can only be successful in the long term if fundamental questions are considered at an early stage.

Doug Collyer is Country Manager in UK
Expertise strategy
Strategy, change & transformation

The Nordic way of working: how does it help emagine consultants optimise their clients’ operations and boost profits?

emagine’s Nordic way of working embraces different perspectives and approaches to solve challenges and power progress among our consultants. Learn how our experts and Nordic work style can optimise our client’s operations and profitability.

thre people in a amicable meeting
Expertise strategy
Staff augmentation

Good onboarding: Setting your external workforce up for success

Enabling new consultants seamlessly integrate into your organisation is critical to their success. To ensure a smooth onboarding process, it is essential to help them get started immediately. This article will guide you through the most critical aspects of getting a consultant to start delivering from day one.

External consultants at a meeting in the office.
Expertise strategy
Staff augmentation

4 signs you need an IT consultant

Are you wondering if your company could benefit from hiring an IT consultant? This article outlines four common signs that indicate you may need external expertise to manage change, mitigate risk, or meet tight deadlines.

Bestshoring
Expertise strategy
Nearshoring
Publications

The Ultimate Guide to Nearshoring

Get our ultimate guide on how your IT organization can tap into Polish IT talent. Download the e-book and read condensed knowledge, facts and cases about Nearshoring based on our 12 years experience. Download now and get it free.

Expertise strategy
Tech & Development

The Complete Guide to Migrating Monolithic Applications to Microservices on the Cloud

As organizations strive to deliver high-quality software and services at scale, many are turning to a microservices architecture as a way to break down monolithic applications into smaller, more manageable components.

Modern business environment with a man and woman in front of window facing a city
Expertise strategy
Staff augmentation

The Science behind hiring the top 10%

As a business and technology consulting firm, we live of our ability to recruit the very top talent for our business. In this piece, I would like to share our thoughts behind the approach we on emagine UK. We call it: The science behind hiring the top 10%.

Expertise strategy
Strategy, change & transformation

People hate change, so how do you best implement it?

Bringing in new technology, individuals, or new teams to work on a key project can feel like a threat to existing staff – but it doesn’t have to be that way if you manage change positively.

Expertise strategy
Strategy, change & transformation

Key Success And Failure Factors Of The PMO

In this article, we will delve into Project Management Office (PMO) overview, and we will help you decide if it may be convenient for your team to have a PMO.

IT professionals outside engaging in conversation
Bestshoring
Expertise strategy
Nearshoring

Poland, the IT hub of Europe?

Poland has become a European talent hub in technology and engineering, and European companies leverage polish talent coding skills for nearshoring projects. Learn why.

Business woman talking to two colleagues
Expertise strategy
Staff augmentation

Team extension: How to hire external consultants successfully

Hiring external consultants isn’t something you should treat lightly. Learn the most satisfactory way to leverage experts in your organisation. In this article, Senior Account Manager Jytte Raahede shares her tips on onboarding consultants successfully.

Four professionals sitting together in a positive meeting smiling
Bestshoring
Expertise strategy
Nearshoring

A short guide to succeeding with Nearshoring

For many companies, the decision to go nearshore is not an easy one. It’s a decision that requires a great deal of consideration – we know that because several of our current clients were also reluctant to go nearshore at first. Learn our tips on how to get it right.