| answer text |
<p>Reporting of cyber and digital risks and incidents is critical to the UK’s cyber
resilience, supporting our ability to monitor, mitigate, and respond to threats to
our economy and society. Reporting is also important in helping businesses and organisations
adequately understand the broader threat and assess the risks to their own operations.</p><p>Statutory
incident reporting requirements vary across sectors, depending on the applicable legislation.
For example, organisations which process personal data for general purposes must comply
with the breach reporting requirements in the UK GDPR. In the telecoms sector, the
Telecommunications (Security) Act introduced a new telecoms security framework, and
includes detailed requirements for public telecoms providers to identify and reduce
the risks of security compromises, including cyber attacks.</p><p>Organisations which
provide services that are critical for the provision of essential services (such as
transport, energy, water, health, and digital infrastructure services) must comply
with the Network and Information Systems (NIS) Regulations 2018. In November 2022
the government also announced its intention to strengthen the NIS Regulations, including
requiring essential and digital services to report a wider range of cyber incidents
to regulators.</p>
|
|
