No Small Task
Scott Nicholson, co-CEO, Bridewell Consulting, said he welcomed the proposed improvements to the regulation.
“In particular, bringing MSPs into scope of the regulatory framework, given the substantial risk they can propose to the UK’s critical national infrastructure,” he said.
Nicholson added that MSPs often deliver complex activities that require high levels of access. However, “this has long been a risk that is either misunderstood or under regulated.
“It’s clear that scale of the infrastructure and services that require protection is huge and something that is no small task when security has not always been inherent in the design,” he said.
Nicholson noted that many organisations have different perceptions on the level of risk posed by MSPs.
“But the proposed changes will take that decision making away from each Operator of Essential Service (OES). [It will] ensure all MSPs have an appropriate cybersecurity control in place to reduce the risk of compromising their customers,” he said.
“Given the major acquisition and consolidation we have seen over the years, these changes will add to the complexity of the work MSPs need to undertake. Many will be looking for support from trusted cybersecurity partners to help,” Nicholson added.
