Regulatory Outlook

Cyber security | UK Regulatory Outlook March 2025

Published on 26th March 2025

Government response to call for views on software vendors' code of practice | DSIT survey into cyber security behaviours of large UK organisations

How to achieve the right balance of cyber risk and delivery reward

Government response to call for views on code of practice for software vendors

As previously reported, the government published a voluntary code of practice and related call for views for software vendors in May 2024, establishing a set of voluntary security and resilience measures for organisations developing or selling software used by businesses.

The government has now responded to its call for views, stating that minor revisions will be made to the code before it is published in 2025. The revised version will reflect feedback received on the code, including further refining the accompanying technical controls and implementation guidance, as well as developing an attestation method and assurance regime to allow software vendors to demonstrate compliance with the code. 

For more information on the government's work to improve the security and resilience of software, see our previous Regulatory Outlook on the AI cyber security code of practice.

DSIT survey details cyber security behaviours of large UK organisations

The Department for Science, Innovation and Technology (DSIT) published the results from wave four of the Cyber Security Longitudinal Survey. The study tracks the cyber security behaviours of organisations to understand how their experiences change over time.

The survey found that a majority of medium and large organisations (79% of businesses) were affected by cyber security incidents in the past year. The most common types of threat were phishing, impersonation scams and online business banking account compromise.

Although almost half of large businesses stated that they had increased their cyber security budgets over the past year, monitoring supply chain security and cyber security practices of suppliers continue to be a lower priority for organisations. The number of businesses that formally assess or manage their suppliers has decreased from 28% in wave three to 23% in wave four, despite the rising threat of supply chain cyber risks. The report suggests that larger businesses remain more aware of the need to stay ahead of cyber threats and invest accordingly.


* This article is current as of the date of its publication and does not necessarily reflect the present state of the law or relevant regulation.
