The UK's Cyber Security and Resilience Bill excludes central and local government despite 40% of NCSC-managed attacks targeting the public sector. Critics argue this exemption undermines the legislation's effectiveness, especially given recent high-profile breaches like the Legal Aid Agency and Foreign Office incidents. While ministers promise equivalent standards through a separate Cyber Action Plan, experts note this lacks legal enforcement. The government suggests future sector-specific legislation may address public sector security, but the current approach raises questions about its commitment to protecting government systems from increasingly common cyberattacks.
Sort: