The Importance of Cyber Security Legislation for Cyber Safety
Overview
In an age where more and more businesses are relying on the internet to function, cyber security has become increasingly important. The widespread increase in cyber-crime emphasizes how vital cyber security legislation is for protecting your business from attacks. This legislation, such as the Computer Misuse Act 1990 and The Cyber (Sanctions) (Overseas Territories) Order 2020, can be utilized in ways that increase your cyber security. This article will discuss cyber security and the applicable legislation that can help ensure the safety of your business online.
Cyber Security Legislation Against Cyber Attacks
There are several prominent pieces of legislation that aim to lower the risk of cyber-crime against businesses and governing bodies. The following are some key examples:
- Computer Misuse Act 1990 – The Computer Misuse Act 1990 aims to protect computer users from cyber-attacks and theft of information. It introduced three new offenses: unauthorised access to computer materials, intent to perform further offenses, and unauthorised access to modify a computer. Having policies and procedures in place in accordance with this act provides added protection against malicious attacks.
- The Cyber (Sanctions) (Overseas Territories) Order 2020 – This order, which extends the Cyber (Sanctions) (EU Exit) Regulations 2020 to British Overseas Territories, introduces restrictive measures on persons who are responsible for or involved in cyber-attacks. These measures, such as asset freezes, act as a deterrent for cyber-crime.
- Council Implementing Regulation (EU) 2024/1390 – This EU regulation is important for any business that has operations or partnerships in the EU. It establishes restrictions against bodies involved in cyber-attacks, strengthens countermeasures against cyber-attacks, and sets procedures in place for implementing sanctions.
- Cyber Essentials – Cyber Essentials is a government-backed scheme designed to help protect your organisation. The certification it provides helps make sure that cyber security measures are correctly and effectively implemented in your business.
Notable Breaches of Cyber Security Legislation
The increase in cyber-crime can be seen in the number of high-profile cyber-attacks routinely making the news. For instance, in September 2024, Transport for London had to restrict online services due to a cyber-attack. The organisation reported detecting suspicious activity; however, they did not find any evidence of customer data being compromised, and the attack did not impact the transport services themselves. TfL stated that they take cyber security very seriously, which led to quick and efficient responses to the attack that likely lowered the severity of the damage.
While TfL’s cyber security appears to have reduced potential harm to the organisation’s data and services, other recent cases of cyber-crime have had a more detrimental effect on businesses and customers. In August 2024, councils across Greater Manchester faced a cyber-attack, affecting housing websites and leaving residents susceptible to a phishing scam due to breaches of personal data. The cyber-attack came through the third-party service Locata, highlighting supply chain weaknesses and emphasising the need for higher cyber security to protect council services.
While any business or organisation can fall victim to attacks, the negative impact of an attack can be greatly decreased by having a proactive approach to cyber security. Acting before a cyber-attack happens makes sure that if one occurs, it can be detected and addressed quickly.
Cyber security legislation is vital for any business that functions online or stores information online in any capacity. These businesses are at risk of cyber-attacks, and therefore require protection. More specifically, here are three reasons why cyber security legislation would be beneficial to have in your ISO Compliance Register:
- Clarity – A straightforward and concise presentation of cyber security legislation makes it easier to address potential risks or weaknesses.
- Guidance – By providing tasks and additional information, finding ways to mitigate cyber-attack risks becomes simpler.
- Reassurance – Proof of action, especially certifications such as Cyber Essentials, reassures customers of cyber safety and improves trust.
The increase in cyber-crime in today’s digital landscape is unavoidable, but keeping your cyber security up to date with the help of legislation can shield your business from harm and ensure peace of mind.