Cyber security and the first 100 days of government
The first 100 days of this new Government have shown that cyber security and procurement best practice are firmly on the agenda.
Government has urged businesses to take action as the average cost of cyber security breaches for big business has doubled and now stands at £1.46 million (up from £600,000 in 2014). SMEs are also victims of increasing costs – the most severe breaches can now cost as much as £310,800 (up from £115,000 in 2014), according to the Information Security Breaches Survey 2015. Whilst accurate data is virtually impossible to find, these costs are certainly a starting point and give an indication of the severity of a breach.
Robert Pickles, Head of Public Affairs at Canon UK, comments: “The good news is that more firms are taking action to tackle the cyber threat and the Government is committed to helping businesses do so through schemes such as ‘Ten Steps to Cyber Security’ and encouraging organisations to earn a ‘Cyber Essentials’ badge to protect themselves from common internet threats. It’s positive to see that guidance is adapted to various audiences, whether they be SMEs or larger organisations.”
Quentyn Taylor, Director of Information Security at Canon Europe, believes the Cyber Essentials scheme is a positive step and an affordable option for SMEs. “We support any scheme that helps people to improve their security knowledge and this scheme does just that. Reviewing your cyber security strategy is a fundamental business practice, especially for SMEs who often don’t have dedicated security staff to deal with an attack. Cyber Essentials encourages SMEs to put basic measures in place that protect company data from common cyber security threats and secure best working practices. Previously, the only existing scheme was ISO 27001, an information security standard which, when you add consultancy, training and management fees on top, can be expensive. Cyber Essentials on the other hand is approximately £1500 – £2000, making it more affordable for SMEs. It’s also a very practical measure, requiring the organisation to complete a self-assessment questionnaire, with responses independently reviewed by an external certifying body.
This simple format makes it easy for businesses to adopt basic security practice.
However, there is a need for a graduated version which maintains affordability but has enough depth for it to be trusted and valued from a larger corporate perspective. ‘Cyber Essentials Plus’ goes some way to doing this but it doesn’t have all the answers. Whilst the scheme brings some benefits, the concern for international businesses is that each country will have local testing requirements and ultimately, different security standards. Whilst a single regulation is perhaps unnecessary, we do need equivalency, as we have in industries such as education and pharmaceuticals, which would mean if a company meets a certain standard in one country, it is equivalent to that of another.”
Alongside Cyber Essentials, best practice in procurement has also been a major focus for this Government.
Pickles continues: “It’s interesting to see how cyber security is becoming a key part of the procurement process as the Government continues to strive to make the UK one of the safest places in the world to do business online. The Government’s new online cyber security training course, for example, was created with the aim of helping the procurement profession stay safe. Those of us working in procurement will know that the information we work with is both financially and commercially sensitive, which in turn only increases the importance of cyber threats. The cyber security training course aims to help people working in procurement to prevent and deal with cyber risks by providing advice on how to safeguard digital information, raise awareness of cyber issues with suppliers and find advice on how to deal with issues such as information breaches in the workplace. The course is interactive and it has been designed by both Government and industry.
It is encouraging to see that the importance of cyber security and safe procurement processes is recognised by Government and we look forward to seeing further developments in both these areas.”