Cyber Essentials ignites a supply chain reaction.
The digital world is becoming ever more dangerous, but all too few British businesses are taking practical steps to stay secure.
New research from the Institute of Directors and Barclays reveals the scale of the problem: although almost all companies (95%) think IT security is important, nearly half (45%) have no formal cyber strategy in place, and fewer still invest in cyber awareness training (44%) or know who to contact in the event of an attack (40%).
Speaking at the Institute of Directors’ cyber security conference where the report was launched, Matt Hancock – Minister for Digital and Culture – summed up the situation, saying: “if you’re not concentrating on cyber, you are courting chaos and catering to criminals”.
According to GCHQ, the majority of today’s cyberattacks exploit basic, known vulnerabilities. As such, it’s critical for British businesses to implement the security fundamentals, like user access control, patch management and malware protection. Since June 2014, the UK Government’s Cyber Essentials scheme has been doing just that – helping organisations better protect themselves against common cyberattacks.
To date, more than 6,000 businesses have gained Cyber Essentials certification and the rate of uptake is increasing, but there’s still a long way to go before the UK’s 5.5 million businesses all have a basic level of security hygiene in place.
Eliminating weak links.
While Cyber Essentials is already supported by industry bodies like the Federation of Small Businesses, the Government is now targeting the supply chain to encourage more companies to prioritise security.
In today’s interconnected world, no organisation stands alone. Companies are now so interdependent that one business’s security failures can create chaos for a whole web of suppliers, partners and customers. Every business has a duty to evaluate its IT security thoroughly, not simply out of self-interest, but also to protect others. As Matt Hancock puts it: “the security of our suppliers is as important as our own security”.
While any government suppliers handling sensitive data are already required to hold Cyber Essentials certification, many of the UK’s largest firms are now coming on board as well. International blue-chips like Barclays, BT, Vodafone, AstraZeneca and Airbus will all now encourage their suppliers to adopt Cyber Essentials. Meanwhile, the Government is also updating its requirements to make them easier to understand and put into practice.
An essential competitive advantage.
It’s not surprising that big businesses are increasing their focus on supplier security; some of the biggest data breaches in recent memory were caused by supplier vulnerabilities. In fact, savvy cybercriminals will even target suppliers as a means to infiltrate larger organisations and compromise more valuable data.
By promoting Cyber Essentials across their supply chains, big businesses are sending a clear signal to British SMEs that security really can affect the bottom line. Lucrative contracts will begin to fall through the fingers of firms that fail to take action on security, something that will only be further exacerbated by the fines and penalties set out in the EU’s incoming General Data Protection Regulation.
Good security hygiene now lies at the heart of business competitiveness. In a world where data breaches are always in the headlines, customers and partners will be more willing to do business with those that have effective, proactive security.
Cyber Essentials certification is set to become a competitive differentiator, so now’s the time to assess your security, close any gaps, and ensure customers always have the right reaction to your business.