Tag Archives: Cyber Governance

Directors and Cyber Governance: My Practitioner’s Response to DSIT’s Consultation

Leave a Reply

This article revisits my practitioner-led response to DSIT’s 2024 consultation on the Cyber Governance Code of Practice. It highlights key issues I raised: supply chain risk, flaws in self-attestation, tool overload, lack of incentives, and the need for continuous governance. The argument is simple: cyber resilience belongs in the boardroom, but only if policy is grounded in practice.

Continue reading

Before the DSIT Cyber Governance Code of Practice: What the Consultation Proposed

Leave a Reply

The DSIT Cyber Governance Code of Practice consultation (Jan 2024) proposed five principles for boards: risk management, strategy, people, incident response, and assurance. But it left key gaps: no incentives, little for SMEs, no professional recognition, and weak thinking on assurance. This article argues the consultation was historic, but incomplete — a foundation that required sharper, practitioner-led input.

Continue reading