A new certification will give consumers confidence that businesses have defences in place to protect against cyber threats
The government has launched a new cyber-security certification, allowing businesses to show consumers that they have measures in place to help defend against common cyber threats, such as the recent Gameover Zeus malware attack.
Until now, there has been no single recognised cybersecurity assurance certification suitable for all businesses to adopt.
The Department for Business Innovation and Skills (BIS) claims that obtaining a Cyber Essentials certification will mean a company can advertise the fact that it takes cybersecurity seriously – boosting its reputation and providing a competitive selling point.
“The recent GOZeuS and CryptoLocker attacks, as well as the eBay hack, show how far cyber criminals will go to steal people’s financial details, and we absolutely cannot afford to be complacent,” said Universities and Science Minister David Willetts.
“Developing this new scheme will give consumers further confidence that business and government have defences in place to protect against the most common cyber threats.”
The scheme is being backed by AIG, Marsh, Swiss Re, the British Insurance Brokers’ Association (BIBA) and the International Underwriting Association, and is available to universities, charities and the public sector, as well as businesses.
BAE Systems, Barclays and Hewlett-Packard are among the first companies applying for the new Cyber Essentials award. Small businesses including Nexor, Tier 3 and Skyscape are also adopting the scheme, as well as the University of Derby, the Confederation of British Industry, the Institute of Risk Management and the Institute of Chartered Accountants in England and Wales.
Recent research by the Federation of Small Businesses found that cyber crime costs small businesses around £800 million every year. To ensure the new award is cost-effective and suitable for smaller businesses there are two levels of assurance available – Cyber Essentials and Cyber Essentials Plus.
From October 1, Government will require all suppliers bidding for certain personal and sensitive contracts which are assessed as higher risk to be Cyber Essentials certified. This will provide further protections for the information the government handles and will encourage adoption of the new scheme more widely, according to BIS.
Commenting on the new Cyber Essentials scheme, Mark Brown, Director of Information Security at Ernst & Young, said this represents another important step to ensure that businesses have the right guidance to deploy effective cyber security standards.
“We know from recent research that a significant proportion of businesses, of all sizes, are not deploying a number of basic security controls leaving them exposed to this increasing threat. The new Cyber Essentials scheme aims to tackle this issue and for the first time provides a framework and certification scheme to assist UK businesses in this area,” said Brown.
However, he warned that businesses should not view this scheme as a complete solution, as it only addresses the basic controls and is therefore representative of the entry level fundamentals which should be adhered to.
“The scheme does not include guidance around softer non-technical issues such as business risk management, corporate governance of cyber security or employee awareness,” he said. “For best practice we would expect businesses to go above and beyond this scheme and as such a continuing refinement and enhancement of this scheme is required in the long-term from government.”