Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
By Ali Qassim
June 6 --Businesses in the U.K. will be able to show consumers that they have taken measures to help defend themselves against common cyberthreats following the June 5 official launch of the U.K. government's cybersecurity scheme, according to the U.K. Department for Business, Innovation& Skills.
The Cyber Essentials scheme will differ from the U.S. government's cybersecurity framework, which was rolled out in February , because the U.K. framework will be mandatory, not voluntary. Beginning Oct. 1, 2014, “all suppliers bidding for certain personal and sensitive information handling contracts” will have to be certified under the scheme, the department said in a June 5 statement.
The rollout of the Cyber Essentials scheme, which includes an “Assurance Framework” aimed for businesses seeking to demonstrate compliance through an independent certification, was anticipated by the government in April alongside a call for evidence on parts of the framework.
The feedback from a call for evidence in 2013 concluded that none of the existing organizational standards for cybersecurity met today's set of threats, the department said.
The recent attacks by malicious software schemes “Gameover Zeus” and “Cryptolocker” (see related report), as well as the recent hacking attack on online marketplace eBay, “show how far cyber criminals will go to steal people's financial details, and we absolutely cannot afford to be complacent,” University and Science Minister David Willetts said in the department's statement.
Supporting the need for the Cyber Essentials scheme, Mike Cherry, national policy chairman of the U.K.’s Federation of Small Businesses, said in the statement that the federation's research found that cybercrime costs small businesses around 800 million pounds ($1.34 billion) every year.
Welcoming the scheme, U.K. Information Commissioner Christopher Graham said in a June 5 statement that “protecting personal data depends on good cyber security, and the threats and challenges are getting ever more sophisticated.”
Stressing that “all too often organizations fail at the basics,” Graham said the scheme focuses on “the core set of actions that businesses should be taking to protect themselves, their customers, and their brand.”
The first businesses to apply for a Cyber Essentials scheme award include defense organization BAE Systems Plc, U.K. banking giant Barclays Plc and software and computer products provider Hewlett-Packard Co., the Department for Business, Innovation & Skills said.
The scheme will provide two levels of assurance--“Cyber Essentials” and “Cyber Essentials Plus”--depending on the size of the organization and to provide lower-cost alternatives to small businesses, universities, charities and the public sector.
The department has released guidance to help organizations to self-assess themselves ahead of gaining formal certification.
The government suppliers most likely to be affected by the mandatory requirement to become certified are information technology-managed or outsourced services, commercial services, financial services, legal services, human resource services and business services, according to the department.
To contact the reporter on this story: Ali Qassim in London at firstname.lastname@example.org
To contact the editor responsible for this story: Katie W. Johnson at email@example.com
Information on the Cyber Essentials scheme, including guidance for organizations, is available at https://www.cyberstreetwise.com/cyberessentials/.
The “Cyber Essentials Scheme Assurance Framework” is available at https://www.cyberstreetwise.com/cyberessentials/files/assurance-framework.pdf.
The guidance document, “Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks,” is available at https://www.cyberstreetwise.com/cyberessentials/files/requirements.pdf.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)