In his keynote speech at GCHQ’s IA15 event – the government’s “principal event for briefing the UK’s information security leaders” – GCHQ director Robert Hannigan told delegates that the government and industry needed to work out “how to foster a national ecosystem that promotes cyber security and the skills we need automatically”.
Mr Hannigan said he was “struck by the increasing concerns people have in everyday life about cyber threats”, and noted that there was “an increasingly sophisticated understanding in the public realm that cybersecurity affects everything they do”.
He then questioned whether, in spite of this heightened public knowledge about cyber threats and “significant” government efforts, “the international market for cyber security [was] working sufficiently well.”
In his opinion, it’s not.
Last year, the government launched Cyber Essentials, a cyber security certification scheme that provides a set of five security controls, which organisations can implement to establish a baseline of cyber security, and against which they can achieve certification to prove their credentials. According to the government, implementing these controls will prevent around 80% of cyber attacks.
“There has been some very good progress,” Hannigan said. “Over 1200 companies are now registered as meeting the requirements of Cyber Essentials. Information sharing partnerships are flourishing in some sectors. Cyber risk reviews are helping transform others.
“But standards are not yet as high as they need to be.
“Take up of the schemes is not as high as it should be. So something is not quite right here. The global cyber security market is not developing as it needs to: demand is patchy and it is not yet generating supply. That much is clear.”
He concluded that “we cannot as a country allow this situation to continue.”
The government and GCHQ’s commitment to the Cyber Essentials scheme is indubitable. Recent initiatives demonstrate this – including government grants of £5,000 to help organisations achieve certification to Cyber Essentials Plus – and we can clearly expect a bigger push to encourage uptake of the scheme.
For more information about the Cyber Essentials scheme, and to see how you can secure your organisation for as little as £300, click here >>