Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, if he will make an assessment of the potential merits of bringing forward legislative proposals to require employers to provide cyber security training, in the context of the recent cyber security incidents in the retail sector.

The cyber security of the UK economy is a priority, which is why the government already offers free cyber security training via the National Cyber Security Centre website. This includes the “Top Tips for Staff”, an online, accessible cyber security training package for organisations of all sizes and sectors, and the new Cyber Governance Code of Practice, which includes a training package to help boards and directors manage digital risks in their organisations. More widely, the government offers a range of guidance to help organisations improve their cyber resilience and many of these products recommend staff training. Existing legislation - including the Security of Network & Information Systems Regulations (2018) and the Data Protection Act (2018) - includes recommendations for organisations in scope to provide appropriate training for their staff. This year we will introduce the Cyber Security and Resilience Bill to improve UK cyber defences and better secure our essential services and the IT infrastructure they rely upon. Later this year, the government will publish a new National Cyber Strategy setting out how we will approach the challenges and opportunities of cyber security.