Today the UK Government, through the Department of Business Innovation & Skills (BIS), launched the new Cyber Essentials Scheme, a product of the UK Cyber Security Strategy, which will be hosted on the Pervade Software Compliance Tracker.
It has been created with contributions from IASME, ISF and CESG and it is aimed at small businesses who are not large enough to tackle the cost and complexity associated with more comprehensive standards such as ISO27001. The Government want to promote this to as many small businesses as possible to generally improve cyber defence in the UK but also to demonstrate to the world at large that the UK is a safer place to do business.
This scheme can also offer a lot of value to larger organisations by providing something simple, cheap and formal to offer to their own supply chains. In fact, from 1 October 2014, the Government will require all suppliers bidding for certain contracts which are assessed as higher risk to be Cyber Essentials certified. The suppliers and contracts affected are likely to be from the following sectors: IT managed or outsourced services, commercial services, financial services, legal services, HR services and business services.
John Barry from Opt-Sec, the Managed Compliance Service Provider, said: "This is a great way for large organisations to steer their suppliers towards best practice, provide a recognised benchmark and push their security perimeter outwards"
BAE Systems, Barclays, Hewlett-Packard and Pervade Software are among the first businesses to apply for the award. Small businesses such as Skyscape, Nexor and Tier 3 are also adopting the scheme, along with the University of Derby, the Confederation of British Industry and the Institute of Chartered Accountants.
Research by the Federation of Small Businesses conducted last year found that small businesses lose about 800 million pounds every year as a result of online crime and the Rt. Hon. David Willetts, Minister for Universities and Science, who launched the new standard, said: "The recent GOZeuS and CryptoLocker attacks, as well as the Ebay hack, show how far cyber criminals will go to steal people's financial details, and we absolutely cannot afford to be complacent."
"We already spend more online than any other major country in the world, and this is in no small part because Britain is already a world leader in cybersecurity. Developing this new scheme will give consumers further confidence that business and government have defences in place to protect against the most common cyber threats."
Currently the only certifying body with the ability to conduct the Self Assessments required for certification to the new standard is the IASME Consortium and their assessment is hosted on the Pervade Software Compliance Tracker.