Cyber rules are coming. Directors should have a say in how they are written
The DPMC’s cyber consultation raises a key question: when does director liability lift standards and when does it undermine governance?
Boardroom Premium
IoD seeks member feedback on draft cybersecurity submission
Draft submission backs stronger cyber regime but calls for clear board roles and caution on director liability.
The Institute of Directors has published a draft submission on DPMC’s consultation on cybersecurity for critical infrastructure and is seeking member feedback before finalising its position. We support the case for a stronger regime and stronger cyber governance, but consider the proposed framework needs to be designed carefully if it is to improve resilience in practice.
The draft submission argues that the primary compliance duty should sit with the entity, with the board’s role framed clearly around oversight and assurance rather than implementation. It supports minimum standards, practical guidance and staged enforcement, while raising concerns about proposed personal criminal liability for directors in a regime that is new, broad and heavily dependent on judgement.
Read this article on why directors should pay close attention to the consultation.
Related content
