5 Jun 2014 01:08pm

BIS launches cyber security standard

UK businesses will be able to gain accreditation for having cyber protection in place under a new government scheme

And the government has announced that from 1 October the accreditation will be mandatory for all suppliers bidding for certain government contracts covering sensitive and personal information handling.

Speaking this morning’s launch of the Cyber Essentials scheme, hosted by the ICAEW IT Faculty at Chartered Accountants’ Hall, minister for universities and science David Willetts said that the scheme was the “latest and crucial step in the fight we are all engaged in against cyber attacks”.

The feedback we received convinced us that there needed to be an organisational standard

He said that despite government and industry efforts, including publication of the 10 Steps to Cyber Security Guide, too many organisations, particularly SMEs, remained vulnerable to cyber attacks. “The feedback we received convinced us that there needed to be an organisational standard.”

He pointed to the recent and headline grabbing Ebay hacking and the GOZeus and Crytolocker malware attacks which showed how far cyber criminals would go to steal people’s financial details.

“We cannot afford to be complacent. We already spend more online than any other major country in the world, and this is in no small part because Britain is already a world leader in cybersecurity.

“Developing this new scheme will give consumers further confidence that business and government have defences in place to protect against the most common cyber threats.”

The industry feedback showed that many small businesses were deterred from implementing cyber security plans by time, costs and confusing advice from different bodies. So the Cyber Essentials scheme focuses on five essential mitigation strategies and provides clear guidance on implementation.

BIS is also extending its voucher scheme so that businesses will be able to defray the costs of implementing a cyber security strategy.

The Department for Business, Innovation and Skills argues that the accreditation provides a metric against which businesses can measure their level of cyber security maturity.

It also suggests that accredited businesses will be able to use the certification as a way to differentiate themselves from the crowd and to demonstrate to customers and business partners that they have in place industry-recognised minimum standards.

Willetts said he would like to see Cyber Essentials adopted in organisations of all sizes, which was why the government is introducing two levels of accreditation – Cyber Essentials and Cyber Essentials Plus.

The scheme has been widely welcomed by the business community and a number of companies have already expressed an interest in the certificate. They include BAE Systems, Barclays and Hewlett-Packard.

ICAEW CEO Michael Izza said that the institute was looking to gain the accreditation and other business representative bodies, including the Federation of Small Businesses, the CBI, the British Insurance Brokers' Association and the International Underwriting Association, have thrown their weight behind the campaign.

Julia Irvine


Related articles

ICAEW joins cyber security campaign 

Corporate finance cyber risk warning 

FS firms to increase cyber budget 

Cyber breaches hit hard