Cyber is a boardroom issue: why the new UK Cyber Governance Code of Practice matters
Cyber threats cost the UK economy billions annually. The new Code gives board members the clarity and structure needed to respond confidently—embedding cyber into the heart of governance and decision-making.
With today’s launch of the UK Government’s Cyber Governance Code of Practice, a new era begins for how boards are expected to lead on cyber.
As CEO of NEDonBoard, Institute of Board Members, I am proud of the role our organisation has played in shaping this vital guidance and supporting the national effort to equip UK boards with the tools to strengthen their cyber oversight.
A national framework for cyber leadership
Published by the Department for Science, Innovation and Technology (DSIT) in partnership with the National Cyber Security Centre (NCSC), the Cyber Governance package includes:
- A Code of Practice outlining actions boards should take to manage cyber risk effectively
- Cyber training modules designed specifically for board members and non-executive directors, which NEDonBoard helps shape, along with support materials.
This framework is a powerful signal to UK businesses: cyber risk should be governed from the top.
Elevating the NED voice
At NEDonBoard, we have long championed cyber governance. We have engaged on this topic together with the NCSC since 2019 and, more recently, worked directly with DSIT as a key stakeholder to help shape the Cyber Governance package, ensuring it is as relevant and useful as possible to the board audience. Our contribution has included:
- Nomination of expert NED representatives to DSIT-led workshops, ensuring that a real-world board perspective shaped the Code and its implementation tools;
- Surveying NEDonBoard members to assess the value of pilot cyber training modules;
- Raising awareness among our community and encouraging participation in public consultations;
- Ongoing engagement in shaping cyber governance commitments and participating in national events later this year.
The result is a Code that is not only timely, but also practical and relevant for the boardroom.
Why this matters to you as a board member
The statistics are stark:
- 74% of large businesses and 70% of medium-sized firms experienced a cyber breach last year
- A third of large businesses lack a formal cyber strategy
- Nearly half of medium-sized businesses have no incident response plan
Going further: the Board Digital Leadership Certificate by NEDonBoard, Institute of Board Members
At NEDonBoard, our mission is to equip board members with the knowledge and professionalism to lead effectively. That is why we developed the Board Digital Leadership Certificate—a practical, expert-led course that covers digital transformation, cybersecurity, AI, and more.
It complements the Cyber Governance Code, offering boards a robust foundation to implement the Code’s principles and stay ahead of evolving risks.
A leadership imperative
As the professional body for board members, we welcome the UK Government’s leadership in this space. We are proud to have contributed to developing this national framework and will continue supporting directors and boards in their journey to cyber maturity.
Cyber resilience begins at the top. We urge board members and non-executive directors to:
- Read and adopt the Cyber Governance Code of Practice
- Share this with your fellow board members
- Invest in your own digital upskilling as part of your professional duty (Board Digital Leadership Certificate).
If you’re a board member or care about better governance, share this post to help spread the word. Let’s ensure every UK boardroom is aware of the new Code and equipped to lead on cyber. Let’s turn awareness into action.