The UK Government has decided not to introduce regulations for cyber security standards after concluding its ‘Embedding Standards and Pathways Across the Cyber Profession by 2025’ consultation.
Conducted by the Department for Digital, Culture, Media and Sport (DCMS), the consultation ran in partnership with the UK Cyber Security Council, lasting for eight weeks from 19th January 2022.
The investigation engaged with key stakeholders across industry, academia, and the wider UK business and public sector to ascertain how it could support the uptake of the council’s standards.
That included exploring whether there was a requirement for regulation to be introduced to support the Council as it introduces new chartered standards for the industry. It also aimed to determine whether a register for chartered practitioners should be created, be it voluntary or mandatory.
It concluded that no regulation will be introduced at this point, stating that respondents generally opposed the idea of intervention. However, the Government said it will “continue to do all it can to provide support to the Council” and will “engage closely with regulators and industry to secure similar support.”
“I welcome the government’s response to the consultation, and I would like once again to thank all of those who contributed their views,” commented Simon Hepburn, CEO of the UK Cyber Security Council.
“The response allows the Council to take the lead in working with key stakeholders to achieve the aim, set out in the National Cyber Strategy, of creating a world-class, diverse cyber security profession.”
Hepburn noted that the consultation was key in identifying the key challenges faced by stakeholders, enabling the Council to create solutions to help address those issues.
Between now and 2025, the Cyber Security Council will introduce chartered standards that have been designed to align with 16 cyber security specialisms. The Government will then track its adoption and continue to assess whether regulatory intervention is required to support uptake.
As part of these plans, the Council will create a voluntary register that lists individuals accredited as either associate, principal, and chartered level.
“Observations were rightly raised about the complex nature of career routes into cyber security; the myriad of cyber qualifications, certifications and degree standards which exist without any uniform equivalency; and the challenges this creates for employers when it comes to assessing candidate suitability,” Hepburn continued.
“By introducing universal chartered professional standards aligned to 16 recognised cyber security specialisms and working with awarding bodies to align these to existing qualifications, we are confident we can create the clear framework needed to ensure the UK cultivates a world-leading cyber sector.”
By creating this voluntary register, he added that the Council will “help build further recognition, confidence and clarity across the industry” for both employers and employees.
“With the government’s response to the consultation confirming a staged approach is preferred, through which the sector has the opportunity to collaborate in the development of a diverse, accessible and ethical profession, it’s now time for us all to work together to create an environment in which cyber expertise across the UK can really flourish,” he said.
