The National Cyber Security Centre (NCSC) has published two new free e-learning packages that will help organisations to effectively manage the cyber security risks across their supply chains.

The e-learning packages supplement the NCSC's current guidance on mapping supply chains and gaining confidence in supply chain cyber security.

A recent survey conducted by the Department for Science, Innovation & Technology, showed that just over one in ten businesses reviewed the risks of their immediate suppliers (13%), with this number halving when the wider supply chain is taken into consideration (7%). The consequences of cyber attacks from supply chain vulnerabilities can be financially devastating for organisations, their supply chains and their customers.

NCSC's guidance describes practical steps to help organisations better assess cyber security in their supply chains. It’s aimed at medium to large organisations who need to gain confidence or assurance that mitigations are in place for vulnerabilities associated with working with suppliers.

It will be of most use to procurement specialists, risk managers and cyber security professionals wanting to establish (or improve) an approach for assessing the cyber security of their organisation’s supply chain. These new e-learning modules therefore allow them to see the process of recording, storing and using data gathered from suppliers involved in the supply chain, as well as practical steps to help assess cyber security of their supply chains. The packages are also available to integrate within an organisation's training platform, making the guidance much more accessible.

The Committee of Advertising Practice (CAP) and The Broadcast Committee of Advertising Practice (BCAP) have published new guidance on the presentation of mid-contract price increases in advertisements by telecom providers to help provide consumers with more protection.

Many mobile and broadband providers include clauses in their contracts that allow for an annual increase on the initial price, commonly inflation plus a specific percentage. This means that consumers are then faced with an unknown increase to their monthly bill mid-contract. For example, this year, some providers have increased their monthly prices by more than 17%.

To avoid creating a misleading impression that the initial price will remain throughout the contract, new guidance has been produced which suggests:

• telecom providers should not state or imply that a price will apply for the contract's full minimum term if that is not the case – for example wording such as ‘fixed’ or ‘£X for X months’ is likely to mislead if the price is due to rise before the end of the minimum term;
• when advertising the monthly price, providers should include details of how any price increases will be calculated prominently, relative to how the initial price is advertised;
• providers should spell out clearly what is meant by RPI and what rate of inflation will be applied to the rate increase;
• consumers should be given the full amount of the increase once the relative rate is known; and
• it should be made clear to consumers how other linked services will be affected if a consumer terminates a variable contract due to a price increase.

The guidance will apply from 15 December 2023.

Whilst this new guidance doesn't mean that providers can no longer increase their monthly prices, it is giving consumers a better tool to compare the deals offered by different providers. This guidance is linked to a review initiated by Ofcom this year to assess what impact inflation-linked price rise terms have on consumers and on the functioning of the mobile market. It is also reflective of the enhanced consumer protections in the mobile market that have been introduced by the European Electronic Communications Code, which the UK has implemented in part post-Brexit, and this trend of stronger consumer protection is likely to continue when the Digital Markets, Competition and Consumers Bill 2022-23 will be adopted.