UK Cyber Governance Code

28 March 2024
Tim Johnson

The UK government has proposed a Cyber Governance Code of Practice (“the Code”). The intention is for the Code to be launched as a voluntary tool without its own statutory footing, and it is designed to introduce stronger frameworks of accountability and good governance. The government is exploring how it could be used to assist with regulatory compliance, including with the General Data Protection Regulation (GDPR) and the Network and Information Systems (NIS) regulations.

The Code has been co-designed with industry leaders and technical experts at the National Cyber Security Centre. 

The Cyber Security Breaches Survey 2023 found that while cyber security is seen as a high priority by senior management at 71% of businesses and 62% of charities, this has not translated into action or greater ownership of cyber risk at the most senior level. An aim of the Code is to make it easier for senior managers to understand what actions to take.

Views are currently being sought on the Code.

The government is also seeking to explore an assurance process against the Code, either self-assessed or independently assessed. The aim is that this can be used to derive confidence in an organisation’s governance of cyber risks. Views are being sought on the potential demand for an assurance mechanism to support the implementation of the Code, and insurance firms have been specifically referred to as stakeholders who could derive use from such a process.

Key contact

Tim Johnson


+44 (0)115 976 6557
