The government has said it will be pushing for more companies to gain certification to the Cyber Essentials scheme. The scheme is backed by the government and contains five key controls that, when implemented correctly, can prevent the majority of cyber-attacks.
Matt Hancock, the Minister for Digital and Culture, was speaking at the Cyber Security Summit at the Institute of Directors in London in March.
“Numbers are really starting to grow,” he said. “Already, we’ve awarded more than 6,000 certificates to date, with the numbers more than tripling in the past year.”
According to Hancock, this growth proves that Cyber Essentials is “an effective tool which can be built on to achieve greater security in our organisations”.
The government already requires all of its suppliers that handle sensitive data to hold a Cyber Essentials certificate, but Hancock said that it will now be “strengthening this requirement to ensure even more of our contractors take up the scheme”.
Hancock was also quick to highlight the existing and growing cyber threats: “We know the scale of the threat is significant: one in three small firms, and 65% of large businesses are known to have, experienced a cyber breach or attack in the past year. Of those large firms breached, a quarter were known to have been attacked at least once per month.
It’s absolutely crucial UK industry is protected against this threat - because our economy is a digital economy. Over 95% of businesses are have internet access. Over 60% of employees use computers at work. The internet is used daily by over 80% of adults - and four out of five people in the UK bought something online in the past year. And we know the costs of a successful attack can be huge. My message today is clear: if you’re not concentrating on cyber, you are courting chaos and catering to criminals.”
Securing organisations’ supply chains
This announcement signals a growing shift in the importance and authority of the Cyber Essentials scheme. In addition to the government’s requirement for suppliers to be certified, many organisations will feel the pressure to achieve certification.
For instance, larger companies, especially FTSE 100 companies, will need to certify in order to secure their supply chain, and small and medium-sized enterprises (SMEs) will need to certify in order to work with larger buyers.
Cyber Essentials shows organisations how to address cyber security vulnerabilities in a way that, as Hancock said, is “simple, low-cost and specifically designed for SMEs”.
He added: “All firms which rely on the Internet should have Cyber Essentials – as a minimum”.
Benefits of Cyber Essentials
The Cyber Essentials scheme provides a number of benefits. A certified organisation will be able to:
• It shows your commitment to security; demonstrating to your business partners, regulators and suppliers that you take cyber security seriously.
• It is a mandatory requirement for government suppliers and for all public service contracts.
• It enables you to safeguard commercially sensitive data.
• It protects your company’s profits and reputation by avoiding the financial implications any negative publicity associated with a cyberattack.
• It gives you a competitive advantage, particularly in comparison to rivals without accreditation.
The scheme will also help businesses accelerate compliance towards other legislation, namely the General Data Protection Regulation, coming into force in 2018.
As Accredited Cyber Essentials consultants, and a certified organisation ourselves, Octree is very well place to assist you achieve this invaluable kitemark; and maintain it! Call us today to find out more, or take a look at our website, www.octree.co.uk/cyberessentials