Tech lawyer warns new Cyber Bill provides ‘no real security guarantee’

The government’s newly announced legislation aimed at bolstering the cyber resilience of critical national services offers “no guarantee of security,” according to a technology law expert.

The proposed Cyber Security and Resilience Bill, if enacted, would introduce new regulatory requirements for IT providers supporting essential services such as the NHS and the national energy grid. The bill comes in response to the growing wave of cyber threats targeting both public and private sector organisations, many of which face escalating risks of disruptive and costly data breaches.

However, Kristina Holt, managing associate at law firm Foot Anstey, cautioned that the legislation “is by no means a guarantee of security or certainty.”

“The introduction of this Bill is by no means a guarantee of security or certainty, particularly in terms of enforcement and due diligence,” Holt said. “For it to be truly effective, substantial resources must be allocated towards enforcement. Without this, the Bill’s full potential could be severely limited.”

While Holt welcomed the government’s attempt to shift away from its traditionally “reactive approach” to cyber incidents, she warned that the burden would largely fall on businesses. Firms could soon find themselves under tighter regulatory oversight, facing heavier compliance demands and potential penalties for breaches.

“Businesses will need to navigate through the fog of new compliance requirements and shoulder the increased responsibility and obligations that come with them,” she added.

Holt stressed that meaningful progress would depend on collaboration between policymakers and industry professionals actively combating cyber threats.

“Real improvement will only come through consultation with those working on the frontlines of cybersecurity,” she said. “It’s no surprise that technological legislation brings complexity, so the government must ensure these challenges are manageable. Industry insight is vital for developing practical, enforceable rules that balance the interests of both the public and businesses.”