Question to the Department for Science, Innovation & Technology:

To ask His Majesty's Government what steps they are taking to prevent cybercriminals from exploiting vulnerabilities in UK firms' cybersecurity software.

Software is a key driver of growth across the UK, and a fundamental building block of the digital economy. However, this has also increased its appeal to malicious actors. The Government is committed to strengthening the resilience of UK businesses and organisations, and it is a key pillar of the 2022 National Cyber Security Strategy.

The UK is already making significant progress in the area of cybersecurity. The UK Product Security and Telecommunications Infrastructure (PSTI) Act is raising standards of device security for consumers and organisations and the Network and Information Systems (NIS) Regulations are being updated to ensure that critical digital service providers have thorough security practices. These complement ongoing work by the National Cyber Security Centre to provide technical advice to the Government, critical national infrastructure and organisations across the UK.

In February, the Department for Science, Innovation and Technology published a call for views on software resilience and security for businesses and organisations. This sought views on the key risks and challenges around software security, and where the Government should focus on mitigating them.

The call for views closed on 1 May, and the department is currently analysing the responses. These will inform the design of a set of policies to further address risks linked to software. The Government will be setting out its next steps in the summer.