New scheme to help businesses defend against cyber threats goes live
This was published under the 2010 to 2015 Conservative and Liberal Democrat coalition government
BAE Systems, Barclays and Hewlett-Packard are amongst the first businesses applying for the new Cyber Essentials award.
The award will allow business to show consumers that they have measures in place to help defend against common cyber threats, such as the recent GOZeuS and CryptoLocker malware attacks.
The scheme, which goes live today (5 June 2014), was introduced by the government in April 2014. Until now, there had been no single recognised cybersecurity assurance certification suitable for all businesses to adopt.
The Cyber Essentials scheme also has the backing of insurers, which are offering incentives to businesses to become certified.
Universities and Science Minister David Willetts said:
The recent GOZeuS and CryptoLocker attacks, as well as the Ebay hack, show how far cyber criminals will go to steal people’s financial details, and we absolutely cannot afford to be complacent.
We already spend more online than any other major country in the world, and this is in no small part because Britain is already a world leader in cybersecurity. Developing this new scheme will give consumers further confidence that business and government have defences in place to protect against the most common cyber threats.
Mike Cherry, FSB National Policy Chairman said:
FSB research found that cyber crime costs small businesses around £800 million every year and is a threat that cannot be ignored. Many businesses take steps to protect themselves but the cost of crime can act as a barrier to growth. For example, some businesses refrain from embracing new technology as they fear the repercussions and do not believe they will get adequate protection from crime.
In the face of an ever increasing threat of cyber attacks, the FSB supports BIS’s Cyber Essentials Scheme as an additional and important tool, designed to help reduce the risk to small firms and improve the resilience of the sector.
Small businesses including Nexor, Tier 3 and Skyscape are adopting the scheme, as well as the University of Derby, the Confederation of British Industry, the Institute of Risk Management and the Institute of Chartered Accountants in England and Wales.
From 1 October 2014, government will require all suppliers bidding for certain personal and sensitive information handling contracts to be Cyber Essentials certified. This will provide further protections for the information the government handles and will encourage adoption of the new scheme more widely.
The scheme is a key objective of the government’s National Cyber Security Strategy and is being delivered as part of the government’s £860 million National Cyber Security Programme.
Jamie Bouloux, Cyber Liability Underwriting Manager of insurance firm AIG said:
AIG is pleased to support the Cyber Essentials Scheme, which provides an effective way for organisations to manage essential cybersecurity risks. As part of our commitment to the programme, we will incorporate Cyber Essentials into our risk assessment process for new cyber insurance policies, offering preferential rates to those prospective AIG clients who have obtained a Cyber Essentials Certificate as part of our commitment to superior cyber hygiene and overall cyber risk management.
Mark Weil, Chief Executive of insurance broker Marsh UK and Ireland, said:
As a global leader in insurance broking and risk management, Marsh designs and delivers solutions that enable companies to protect themselves against cyber risks. We welcome this new government initiative to improve security practice to an accredited standard and believe it will make insurance more attainable for UK businesses.
To ensure the new Award is cost-effective and suitable for smaller businesses there are two levels of assurance available, Cyber Essentials and Cyber Essentials Plus. The scheme is also available to universities, charities and the public sector.
Guidance on meeting the Cyber Essentials requirements can be downloaded for free for organisations to self-assess themselves ahead of gaining formal certification.
Notes to editors
- Obtaining a Cyber Essentials Badge will mean a company can advertise the fact that it takes cybersecurity seriously – boosting reputations and providing a competitive selling point.
- Cyber Essentials has been developed in close consultation with industry to provide businesses with clarity on good cyber practice.
- The scheme is being backed by AIG, Marsh, Swiss Re, the British Insurance Brokers’ Association (BIBA) and the International Underwriting Association.
- From 1 October 2014, government will require all suppliers bidding for certain contracts which are assessed as higher risk to be Cyber Essentials certified. The suppliers and contracts affected are likely to be from the following sectors: IT managed or outsourced services, commercial services, financial services, legal services, HR services and business services. This will not be mandatory for suppliers through G-Cloud or the Digital Services Framework. Further guidance for suppliers will be issued later this year.
- Information on protections in relation to the recent attacks is available on ‘Get Safe Online’ as well as CERT-UK. Further information on how businesses can protect themselves online is available at Cyber Street.