New scheme to help businesses defend against cyber threats goes live
5 Jun 2014 12:26 PM
BAE Systems, Barclays
and Hewlett-Packard are amongst the first businesses applying for the new Cyber
Essentials award.
The award will allow business to
show consumers that they have measures in place to help defend against common
cyber threats, such as the recent GOZeuS and CryptoLocker malware
attacks.
The scheme, which goes live
today (5 June 2014), was introduced by the government in April 2014. Until now,
there had been no single recognised cybersecurity assurance certification
suitable for all businesses to adopt.
The Cyber Essentials scheme also
has the backing of insurers, which are offering incentives to businesses to
become certified.
Universities and Science
Minister David Willetts said:
The recent GOZeuS and
CryptoLocker attacks, as well as the Ebay hack, show how far cyber criminals
will go to steal people’s financial details, and we absolutely cannot
afford to be complacent.
We already spend more online
than any other major country in the world, and this is in no small part because
Britain is already a world leader in cybersecurity. Developing this new scheme
will give consumers further confidence that business and government have
defences in place to protect against the most common cyber
threats.
Mike
Cherry, FSB National Policy Chairman said:
FSB research found that
cyber crime costs small businesses around £800 million every year and is
a threat that cannot be ignored. Many businesses take steps to protect
themselves but the cost of crime can act as a barrier to growth. For example,
some businesses refrain from embracing new technology as they fear the
repercussions and do not believe they will get adequate protection from
crime.
In the face of an ever
increasing threat of cyber attacks, the FSB supportsBIS’s Cyber
Essentials Scheme as an additional and important tool, designed to help reduce
the risk to small firms and improve the resilience of the
sector.
Small businesses including
Nexor, Tier 3 and Skyscape are adopting the scheme, as well as the University
of Derby, the Confederation of British Industry, the Institute of Risk
Management and the Institute of Chartered Accountants in England and
Wales.
From 1 October 2014, government
will require all suppliers bidding for certain personal and sensitive
information handling contracts to be Cyber Essentials certified. This will
provide further protections for the information the government handles and will
encourage adoption of the new scheme more widely.
The scheme is a key objective of
the government’s National Cyber Security Strategy and is being delivered
as part of the government’s £860 million National Cyber Security
Programme.
Jamie Bouloux, Cyber Liability
Underwriting Manager of insurance firm AIG said:
AIG is pleased to support the
Cyber Essentials Scheme, which provides an effective way for organisations to
manage essential cybersecurity risks. As part of our commitment to the
programme, we will incorporate Cyber Essentials into our risk assessment
process for new cyber insurance policies, offering preferential rates to those
prospective AIG clients who have obtained a Cyber Essentials Certificate as
part of our commitment to superior cyber hygiene and overall cyber risk
management.
Mark Weil, Chief Executive of
insurers Marsh UK and Ireland said:
As a global leader in insurance
broking and risk management, Marsh designs and delivers solutions that enable
companies to protect themselves against cyber risks. We welcome this new
government initiative to improve security practice to an accredited standard
and believe it will make insurance more attainable for UK
businesses.
To ensure the new Award is
cost-effective and suitable for smaller businesses there are two levels of
assurance available, Cyber Essentials and Cyber Essentials Plus. The scheme is
also available to universities, charities and the public
sector.
Guidance on meeting the Cyber Essentials
requirements can be downloaded for free for organisations to
self-assess themselves ahead of gaining formal certification.
Notes to
editors
- Obtaining a Cyber Essentials
Badge will mean a company can advertise the fact that it takes cybersecurity
seriously – boosting reputations and providing a competitive selling
point.
- Cyber Essentials has been
developed in close consultation with industry to provide businesses with
clarity on good cyber practice.
- The scheme is being backed by
AIG, Marsh, Swiss Re, the British Insurance Brokers’ Association (BIBA)
and the International Underwriting Association.
- From 1 October 2014, government
will require all suppliers bidding for certain personal and sensitive contracts
which are assessed as higher risk to be Cyber Essentials certified. The
suppliers and contracts affected are likely to be from the following sectors:
IT Managed or Outsourced services, commercial services, financial services,
legal services, HR services and business services. Further guidance for
suppliers will be issued in late summer.
- Information on protections in
relation to the recent attacks is available on‘Get Safe
Online’ as well as CERT-UK. GovCERT sends warning and alerts to government departments
on cyber threats