The government has said it will be pushing for more companies to gain certification to the Cyber Essentials scheme. The scheme is backed by the government and contains five key controls that, when implemented correctly, can prevent the majority of cyber-attacks.
Matt Hancock, the Minister for Digital and Culture, was speaking at the Cyber Security Summit at the Institute of Directors in London in March.
“Numbers are really starting to grow,” he said. “Already, we’ve awarded more than 6,000 certificates to date, with the numbers more than tripling in the past year.”
According to Hancock, this growth proves that Cyber Essentials is “an effective tool which can be built on to achieve greater security in our organisations”.
The government already requires all of its suppliers that handle sensitive data to hold a Cyber Essentials certificate, but Hancock said that it will now be “strengthening this requirement to ensure even more of our contractors take up the scheme”.
Hancock was also quick to highlight the existing and growing cyber threats: “We know the scale of the threat is significant: one in three small firms, and 65% of large businesses are known to have, experienced a cyber breach or attack in the past year. Of those large firms breached, a quarter were known to have been attacked at least once per month.
It’s absolutely crucial UK industry is protected against this threat - because our economy is a digital economy. Over 95% of businesses are have internet access. Over 60% of employees use computers at work. The internet is used daily by over 80% of adults - and four out of five people in the UK bought something online in the past year. And we know the costs of a successful attack can be huge. My message today is clear: if you’re not concentrating on cyber, you are courting chaos and catering to criminals.”
Securing organisations’ supply chains
This announcement signals a growing shift in the importance and authority of the Cyber Essentials scheme. In addition to the government’s requirement for suppliers to be certified, many organisations will feel the pressure to achieve certification.
For instance, larger companies, especially FTSE 100 companies, will need to certify in order to secure their supply chain, and small and medium-sized enterprises (SMEs) will need to certify in order to work with larger buyers.