{"id":240735,"date":"2026-07-06T11:05:00","date_gmt":"2026-07-06T15:05:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/07\/06\/the-cyber-security-and-resilience-bill-practical-steps-to-prepare-your-business\/"},"modified":"2026-07-06T11:40:09","modified_gmt":"2026-07-06T15:40:09","slug":"the-cyber-security-and-resilience-bill-practical-steps-to-prepare-your-business","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/07\/06\/the-cyber-security-and-resilience-bill-practical-steps-to-prepare-your-business\/","title":{"rendered":"The cyber security and resilience bill: Practical steps to prepare your business"},"content":{"rendered":"<p><a href=\"https:\/\/www.openaccessgovernment.org\/the-cyber-security-and-resilience-bill-practical-steps-to-prepare-your-business\/211211\/\">The cyber security and resilience bill: Practical steps to prepare your business<\/a><\/p>\n<p><a href=\"https:\/\/www.openaccessgovernment.org\/the-cyber-security-and-resilience-bill-practical-steps-to-prepare-your-business\/211211\/\">https:\/\/www.openaccessgovernment.org\/the-cyber-security-and-resilience-bill-practical-steps-to-prepare-your-business\/211211\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-06 11:05:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.openaccessgovernment.org\">www.openaccessgovernment.org<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points.<br \/>\n            Image: \u00a9 Alexander Sikov | iStock<br \/>\n            Andrew Ingram, Director of High Tide Group, discusses the implications of the new Cyber Security and Resilience Bill for organisations of all sizes and outlines practical steps to take as cyber security transitions from good advice to legal obligation<br \/>\nAs I write, the Cyber Security and Resilience Bill is completing its passage through the House of Commons, having reached its report stage and third reading this June. It is the most significant overhaul of the UK\u2019s cyber security law since 2018, and it deserves the attention of every organisation, not just the large ones it appears to target. In my first two pieces I touched on the direction of travel; here I want to set out what the Bill actually changes, and the practical steps you can take now.<br \/>\nWhat the Cyber Security and Resilience Bill changes<br \/>\nThe Bill updates the ageing Network and Information Systems Regulations of 2018, which were widely felt to have fallen behind the threats we now face. The headline changes are significant. For the first time, managed service providers like us are brought directly into scope, with a duty to register with the regulator and to maintain appropriate, proportionate security. Data centres and cloud platforms are recognised as essential services in their own right. There are stronger expectations around supply chains, faster reporting of serious incidents, and a firmer footing for the National Cyber Security Centre\u2019s Cyber Assessment Framework. In short, the Government is trying to harden the whole digital ecosystem, not just the obvious targets.<br \/>\nWhy it reaches smaller organisations<br \/>\nYou might read all of that and conclude it has nothing to do with you. That would be a mistake. Even if your organisation is never directly regulated, the new duties on larger bodies \u2013 councils, NHS trusts, big corporates \u2013 will flow straight down to their suppliers as contract clauses and security questionnaires. We are already seeing the question change from \u201care you certified?\u201d to \u201ccan you prove your suppliers are too?\u201d Cyber Essentials remains the sensible place to start: it isn\u2019t the finish line, but it forces the basics into place and is fast becoming the price of entry for doing business at all.<br \/>\nBusiness continuity<br \/>\nContinuity and resilience sit at the heart of the Bill, and this is the area I\u2019m asked about most. The most useful exercise costs nothing: sit your team down and ask what you would actually do if every screen in the building went dark tomorrow morning. Is your IT provider\u2019s number saved only in the system you can no longer reach? Does anyone have the authority to declare an incident and start the plan? A good plan is short, printed, and known to more than one person. Helen, our CFO, leads on continuity for us, and that\u2019s deliberate: it\u2019s a business risk, not a server problem, and it shouldn\u2019t live solely with the IT department.<br \/>\nBackups, and the reporting clock<br \/>\nBackups alone are not resilience. Modern ransomware can sit quietly in a network for weeks, even months, before it triggers, which means the backups you\u2019ve been dutifully taking may already carry the infection. Keep at least one copy isolated, so it can\u2019t be encrypted along with everything else, and test your restores \u2013 a backup you have never recovered from is a hope, not a safeguard. This matters all the more because the Bill points towards faster reporting of serious incidents, within a day or two rather than a leisurely week. You can only report quickly, and recover with confidence, if you already know what good looks like.<br \/>\nYour people<br \/>\nFaster reporting only works if staff feel able to speak up the moment something looks wrong. We always advocate a no-blame culture: no one should be punished for being honest. The organisations that come through an incident well are almost always the ones where reporting a suspicious email is met with thanks, not a telling-off.<br \/>\nNone of this requires a vast budget. The Bill is, in my view, an overdue and welcome step, and the businesses that treat it as a prompt to get the basics right \u2013 rather than a box to tick grudgingly \u2013 will be the ones still standing when, not if, their turn comes. In the coming months, we\u2019ll look in more detail at what compliance looks like in practice, and how to prepare without breaking the bank.<br \/>\nPlease note: This is a commercial profile<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The cyber security and resilience bill: Practical steps to prepare your business https:\/\/www.openaccessgovernment.org\/the-cyber-security-and-resilience-bill-practical-steps-to-prepare-your-business\/211211\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":240736,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.openaccessgovernment.org\/wp-content\/uploads\/2026\/07\/iStock-2168316748-scaled.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[],"class_list":["post-240735","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/240735"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=240735"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/240735\/revisions"}],"predecessor-version":[{"id":240737,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/240735\/revisions\/240737"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/240736"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=240735"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=240735"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=240735"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}