Overview
- Security minister Dan Jarvis pledged a tougher approach after high-profile attacks on JLR, M&S and others exposed systemic weaknesses.
- The Cyber Security and Resilience Bill requires initial incident reports within 24 hours, minimum security standards and tested response plans.
- Scope widens to cover data centres and managed service providers, with powers to designate critical suppliers in the public sector.
- Whitehall urged FTSE 350 leaders to strengthen defences as agencies such as the NCA signalled more assertive action alongside new NCSC tooling.
- A Commons committee pressed for a broader economic security push, proposing mandatory software security standards, tax relief for resilience upgrades and consultation on mandatory incident reporting.