Government publishes Cyber Governance Code of Practice

9 Apr 2025 11:14 AM

Following the 2024 Call for Views on the Cyber Governance Code of Practice, the Department for Science, Innovation and Technology (DSIT) has published practical guidance to help boards and directors govern their organisations’ cyber security risks more effectively.

The Code of Practice is part of a broader government agenda to support cyber governance for board members across the UK. Developed in partnership with the National Cyber Security Centre (NCSC) and industry leaders, the Code is designed to help boards take action, strengthen accountability and reduce risk in their organisations.

To further support this, the Code is accompanied by Cyber Governance Training and the Cyber Security Toolkit for Boards, both of which aim to improve directors' understanding of cyber security risks and how to govern them.

What is the Cyber Governance Code of Practice?

The Code outlines the most critical governance responsibilities for directors. It is tailored for boards of medium to large public and private sector organisations. While not directly aimed at smaller organisations, they are encouraged to consider its principles and consult the NCSC website for further guidance.

The Code is supported by two resources: the Cyber Governance Training and the Cyber Security Toolkit for Boards.

The five principles of the Code

The Code is structured around five principles which all include clear and actionable steps, with associated training resources. These principles are designed to help directors and boards embed cyber resilience into their organisational culture and strategy.

  1. Risk management
  2. Strategy
  3. People
  4. Incident planning, response and recovery
  5. Assurance and oversight

You can access the voluntary Cyber Governance Code of Practice here and the accompanying Cyber Governance Training and Cyber Security Toolkit for Boards.

You can access the government’s response to the Call for Views on the Cyber Governance Code of Practice here.

In the UK, recent data indicates that 70% of medium-sized businesses and 75% of large businesses have experienced some form of cyber security breach or attack in the preceding 12 months, suggesting that there is still much to do to build resilience and raise awareness about cyber security as a critical business and growth enabler. techUK, therefore, welcomes the Cyber Governance Code of Practice which provides clarification for boards and directors on what they are responsible for when it comes to governing cyber risk; and the accompanying practical guidance to help them implement the Code in order to protect their businesses from cyber criminals and secure their future growth.

Jill Broom

Head of Programme, Cyber Resilience

Jill Broom

Head of Cyber Resilience, techUK

Jill leads the techUK Cyber Security programme, having originally joined techUK in October 2020 as a Programme Manager for the Cyber and Central Government programmes. She is responsible for managing techUK's work across the cyber security ecosystem, bringing industry together with key stakeholders across the public and private sectors. Jill also provides the industry secretariat for the Cyber Growth Partnership, the industry and government conduit for supporting the growth of the sector. A key focus of her work is to strengthen the public–private partnership across cyber to support further development of UK cyber security and resilience policy.


Annie Collings

Programme Manager, Cyber Resilience, techUK

Annie is the Programme Manager for Cyber Resilience at techUK. She first joined as the Programme Manager for Cyber Security and Central Government in September 2023.


Cyber Resilience Programme activities

techUK brings together key players across the cyber security sector to promote leading-edge UK capabilities, build networks and grow the sector. techUK members have the opportunity to network, share ideas and collaborate, enabling the industry as a whole to address common challenges and opportunities together. Visit the programme page here.