Part of Cyber security guide for non-executive directors
Additional help
New code of practice
A new code of practice was published in April 2025. Published jointly by DSIT (Department for Science, Innovation and Technology) and NCSC (National Cyber Security Centre). It has been created to support boards and directors in governing cyber security risks and can be found at Cyber Governance Code of Practice - policy paper.
Regional contacts
Each region has a dedicated NHS cyber security SME (subject matter expert) and NHS England’s regional security leads, who will be happy to provide you with advice and guidance on relevant issues. As they will already be working with your cyber and IT teams, they will know your organisation and will provide tailored and relevant support. Email [email protected] if you would like them to get in touch.
| Region | Regional security lead | |
|---|---|---|
| North West | Chris Quinn | [email protected] |
|
North East and Yorkshire |
Matthew Lutkin | [email protected] |
| Midlands | Victoria Axon | [email protected] |
| East of England | Mark Dimock | [email protected] |
| London | Peter Hartley | [email protected] |
| South West | Ian Fletcher | [email protected] |
| South East | Daniel Oliver | [email protected] |
This team is overseen by Steven Shaw - [email protected].
Cyber Executives Network
NHS England hosts the Cyber Executives Network and it is recommended NHS NEDs join to share best practice, seek peer support from other NHS NEDs and feedback to the centre. Join via the Cyber Associates Network (CAN) by contacting [email protected].
External agencies
Depending on the severity/scale of your cyber incident, as part of your incident response, you may need/consider contact with, or the requirements of, the following agencies:
NHS England Digital website
The NHS England Digital website includes the latest cyber alerts, awareness materials and a variety of guidance and resources.
Last edited: 16 July 2025 12:46 pm