Government should require all businesses to demonstrate that cyber security is being managed at Board level, as part of operational due diligence. Insurers should require evidence of cyber security policies before issuing ‘all risks’ cover to trading organisations.
Efforts to improve cybersecurity and critical infrastructure protection should encourage public-private partnerships as an effective tool for coordination and collaboration on addressing current and emerging threats.
Cybersecurity should be specifically recognized as a work-stream by the National Crime Agency’s threat-assessment regime, and resources allocated within Action Fraud to develop best-practice responses in partnership with industry.
Government and industry must develop a partnership framework to increase the effectiveness of dialogue between industry and government.
Internationally accepted best practices relevant to the products at issue (IT or telecom) should be utilized as important considerations when developing cyber security and critical infrastructure protection policies.
Government should push for a position within the EU and among international trading partners which recognizes that the need for cybersecurity transcends national and trading-bloc boundaries. The UK and EU should support cybersecurity and critical infrastructure policies that promote innovation; facilitate resilience; keep markets open; and do not create unnecessary barriers to trade.