A Cyber Essentials award has gone live. BAE Systems, Barclays and Hewlett-Packard are amongst the first businesses applying. The award will allow business to show consumers that they have measures in place to help defend against common cyber threats, such as the recent GOZeuS and CryptoLocker malware attacks.
The scheme was introduced by the Coalition Government in April 2014. Until now, there had been no single recognised cyber-security assurance certification suitable for all businesses to adopt. Some insurers are offering incentives to businesses to become certified.
Universities and Science Minister David Willetts, pictured, said: “The recent GOZeuS and CryptoLocker attacks, as well as the Ebay hack, show how far cyber criminals will go to steal people’s financial details, and we absolutely cannot afford to be complacent. We already spend more online than any other major country in the world, and this is in no small part because Britain is already a world leader in cybersecurity. Developing this new scheme will give consumers further confidence that business and government have defences in place to protect against the most common cyber threats.”
At the Federation of Small Businesses, Mike Cherry, FSB National Policy Chairman said: “FSB research found that cyber crime costs small businesses around £800 million every year and is a threat that cannot be ignored. Many businesses take steps to protect themselves but the cost of crime can act as a barrier to growth. For example, some businesses refrain from embracing new technology as they fear the repercussions and do not believe they will get adequate protection from crime. In the face of an ever increasing threat of cyber attacks, the FSB supports BIS’s Cyber Essentials Scheme as an additional and important tool, designed to help reduce the risk to small firms and improve the resilience of the sector.”
Small businesses including Nexor, Tier 3 and Skyscape are adopting the scheme, as well as the University of Derby, the Confederation of British Industry, the Institute of Risk Management and the Institute of Chartered Accountants in England and Wales.
From October 1, government will require all suppliers bidding for certain personal and sensitive information handling contracts to be Cyber Essentials certified. According to the Coalition this will provide further protections for the information the government handles and will encourage adoption of the new scheme more widely.
The scheme is a part of the government’s National Cyber Security Strategy and is being delivered as part of the government’s £860m National Cyber Security Programme.
Jamie Bouloux, Cyber Liability Underwriting Manager of insurance firm AIG said: “AIG is pleased to support the Cyber Essentials Scheme, which provides an effective way for organisations to manage essential cybersecurity risks. As part of our commitment to the programme, we will incorporate Cyber Essentials into our risk assessment process for new cyber insurance policies, offering preferential rates to those prospective AIG clients who have obtained a Cyber Essentials Certificate as part of our commitment to superior cyber hygiene and overall cyber risk management.”
And Mark Weil, Chief Executive of insurers Marsh UK and Ireland said: “As a global leader in insurance broking and risk management, Marsh designs and delivers solutions that enable companies to protect themselves against cyber risks. We welcome this new government initiative to improve security practice to an accredited standard and believe it will make insurance more attainable for UK businesses.” So the new award is cost-effective and suitable for smaller businesses there are two levels of assurance available, Cyber Essentials and Cyber Essentials Plus, the Government adds. The scheme is also available to universities, charities and the public sector.
Guidance on meeting the Cyber Essentials requirements can be downloaded for free for organisations to self-assess themselves ahead of gaining formal certification. Visit https://www.cyberstreetwise.com/cyberessentials.
Comment
Graeme Stewart, Director of Public Sector Strategy and Government Relations at IT security product company McAfee, said: “More direction from government on ensuring basic levels of security is hugely welcome, but we hope this is a first step in going much further. Some of the biggest problems relate to user awareness and data shared outside the organisation – if this programme were to evolve to incorporate these issues it would be a really powerful tool. The government will require certain suppliers to hold this certification as of November and we hope companies will follow suit. This sets an extremely important precedent about our expectations of doing business securely – but an even stronger certification encompassing secure data sharing and employee awareness policies would be even more powerful.”
