Airmic
Log in Join now News

NEW UK CYBER GOVERNANCE CODE OF PRACTICE WILL TAKE TIME FOR ORGANISATIONS TO ADOPT

30th April 2025

As Airmic ramps up communication of the benefits.

A third of respondents in this week’s Airmic Big Question said they are studying the UK’s new voluntary Cyber Governance Code of Practice, as Airmic continues engaging with the Department for Science, Innovation and Technology (DSIT) and with industry stakeholders to promote uptake of the code. Launched on 8 April by Feryal Clark, the Cyber Security Minister, the code sets out how business leaders can protect their day-to-day operations and secure future growth for the UK economy.

Julia Graham, CEO of Airmic, said: “Airmic supports actions to improve the management of cyber risk and the guidance for boards and top management provided by the Code of Practice and supporting materials. These will add tangible value to our members and the organisations they represent by helping to keep our country, businesses and citizens safe and resilient to risks set out in the National Risk Register, including cyber threats.

In consultation with members and risk professionals from industry, Airmic made a submission to DSIT on the code last year. Airmic called for the code to strike the right balance between the technical/operational aspect and governance controls, given that the emphasis in industry has been on the former.

Hoe-Yeong Loke, Head of Research at Airmic, said: “Our members have consistently shared concerns about the potential conflict in cyber standards between various countries and technical bodies, not to mention the multiplicity of overlapping regulations and requirements they have had to navigate. Airmic has had the opportunity to engage with the government to discuss these front-facing concerns from businesses, and rather than being yet another cyber standard, we believe the Cyber Governance Code of Practice is a much-needed baseline that organisations can adopt relatively easily.

Potential tangible benefits include insurers considering adoption of the code favourably when they underwrite cyber cover.

According to DSIT, building cyber resilience is crucial to protecting the financial viability of organisations, enabling them take full advantage of digital technologies such as artificial intelligence (AI) to drive the business strategy and improve business performance.

DSIT has also been engaging with Airmic on a draft AI Cyber Security Code of Practice, which forms another part of what DSIT has termed a “modular approach” to a series of five cyber security codes of practice which apply to different organisations and technologies. DSIT and Airmic are holding a joint workshop virtually on 12 May for Airmic members, as the government seeks to create a global standard – based on the code – that sets minimum security requirements for all AI systems.

Leigh-Anne Slade, Head of Media, Communications and Interest Groups, said: “At Airmic, we believe we can play a unique role in convening industry stakeholders and the government in helping to shape some of the cyber and AI standards that will impact businesses – through closed-door briefings with our members to roundtables where we can discuss the challenges and opportunities in the cyber and AI space today.

If you would like to request an interview and or have any further questions, please let me know.

We will be sharing the results of the Airmic Big Question with the press weekly.

You can also find the results here.

Media contact: Leigh Anne Slade
Head of Media, Communications and Interest Groups, Airmic
Leigh-Anne.Slade@Airmic.com
07956 41 78 77