Whitehall mulls new procurement rules to boost cyber security

18 November 2021

New procurement rules to ensure the public sector buys digital services from firms with good cyber security are among options being considered by the UK government.

Under plans to strengthen the security of digital supply chains, minimum requirements could be set in public procurement, with legislation updated on security standards and certification or assurance marks introduced.

In its response to a consultation, the government outlined the preliminary policy options intended to incentivise uptake of any future industry security baseline and drive good cyber security practices more broadly.

The proposals included:

Establishing a certification or assurance mark to guide customers in procuring managed services;

Setting minimum requirements in public procurement. This could be based on an assurance mark. This would promote uptake of the expected security standards and enable consistent procurement practices across the government, with security appropriately valued and embedded into decision-making;

Developing education and awareness campaigns aimed at managed service providers’ customers.

The government published survey results, involving chairs, CEOs and directors of top UK companies, that showed 91% saw cyber threats as a high or very high risk to their business.

More than two-thirds (69%) said their organisation actively managed supply chain cyber risks but almost a third were not taking action.

The research identified barriers to effective supply chain cyber security risk management as:

1. Low recognition of supplier risk, cited by 90% of respondents

2. Limited visibility into supply chains (98%)

3. Insufficient expertise to evaluate supplier cyber security risk (89%) 

4. Insufficient tools to evaluate supplier cyber security risk (86%)

5. Limitations to taking action due to structural imbalances (73%)

Julia Lopez, minister for media, data and digital infrastructure, said: “We are taking the next steps in our mission to help firms strengthen their cyber security and encouraging firms across the UK to follow the advice and guidance from the National Cyber Security Centre to secure their businesses’ digital footprint and protect their sensitive data.”

The government said it would now develop more detailed policy proposals and launch a new national cyber strategy later this year.
