Titania at the Official Cyber Essentials Scheme Launch

Andy Williams (Titania's CSO) was present yesterday, at the invite of the office of Rt. Hon. David Willetts MP, Minister of State for Universities and Science, for the official launch of the Cyber Essentials Scheme. The event was hosted by the ICAEW (Institute of Chartered Accountants for England and Wales) and it was aimed to educate companies on the benefits of adopting the scheme and how best to apply it to businesses. 

Cyber Essential Scheme Launch. Credits: @ICAEW

The scheme, which stands as a guidance and certification reference point, will work alongside other cyber security accreditation bodies (such as the Information Security Forum or British Standards Institution). As such, businesses will be granted the opportunity to qualify for badges that would display how security conscious they are. 

Although the government announced it does not intend to impose legal requirements, it has stated that starting on October 1st, all suppliers bidding for information that handles personal and sensitive contracts in the public sector will need to be Cyber Essentials certified. Early adoption by a few high-profile names such as BAE Systems, KPMG and Barclays show that the scheme was received with enthusiasm. Also, the insurance industry is keen to support the integration of the scheme into their standards.

The scheme is overseen by CREST, the not-for-profit organisation that represents and certifies the information security industry, who collaborated alongside CESG to develop the assessment framework for the scheme. For those interested, badges are already accessible: IASME offers self-assessment path and CREST has a 2-level accreditation available. 

Among information security professionals reactions were positive, but at times reserved. The general consensus was that while the scheme is great for getting the basis of cyber security into place, sustained efforts are needed. 

Peter Wood observes that this is certainly ‘better than nothing at all’ as it addresses the lack of cyber security education for small to mid-sized businesses, which could really benefit from governmental help. Other experts agree that while it is a good starting measure, it shouldn't be seen as a complete solution and as in order to achieve noticeable results, the scheme needs continuous refinement in the long-term. 

Andy Williams thinks that "building on the government's '10 Steps to Cyber Security' launched in 2012, the Cyber Essentials Scheme is an useful next step in raising awareness of basic cyber hygiene standards that, if met, can help businesses protect themselves against cyber attacks. It will be interesting to see how many companies pursue the certification. The government's stated intention to ultimately require all of its suppliers to be CES certified will certainly help to encourage the adoption of the scheme across the UK."

It has been reported that the framework does not yet include guidance around business orientated issues such as business management, IT governance or employee awareness. Organisations would find it useful to have one source that is trusted to be up to date and reliable in these areas to help curb confusion. 

The Cyber Essentials Scheme lays down a good basic foundation and the legislative side gives it a more determined approach, suggesting that the Government is starting to recognise cyber security as a major national issue. The Queen’s Speech in the Houses of Parliament saw the proposal of 11 new laws, including a ‘Serious Crime Bill’ which suggests appropriate jail sentences for cyber crime in order to fully reflect the damage inflicted by a cyber attack.