Question to the Department for Business and Trade:

To ask the Secretary of State for Business and Trade, if he will make an assessment of the potential merits of including measures to require boards to report on cyber resilience in the draft Audit Reform and Corporate Governance Bill.

All large and medium-sized companies are already required to report on their material risks within their annual strategic report, including on cyber risk where this is a material risk. Recognising the important strategic role that boards of directors play in risk management, the Government intends to launch a Cyber Governance Code of Practice, and cyber governance training, to support boards in governing cyber risks and building cyber resilience. We will bring forward the draft Audit Reform and Corporate Governance Bill shortly, with which we intend to provide the audit and governance regulator with important new powers and objectives relating to the audit and reporting duties of directors.