As we have discussed in a recent blog post, the Government’s Cyber Essentials initiative is a fundamental strategy to tackle poor cyber security, and one in which the UK Government has invested millions of pounds.
It has now been announced that organisations could be fined millions, or 4% of their global turnover, if they do not meet the cyber security laws outlined in a new Government proposal.
Improving public sector cyber security
Since 2014, cyber security has been high in the Government’s priorities, but recent attacks on the NHS and the likes of FedEx have pushed the issue higher up the agenda. Organisations that rely heavily on IT systems, such as the NHS, rail operators and utilities providers, could be fined if they do not put appropriate cyber security protections in place.
The National Cyber Security Centre (NCSC) was created earlier this year as a central point for all information relating to cyber threats and cyber security advice, with the overall aim of making the UK the safest place online.
Cyber Essentials has also been introduced as a Government-backed scheme to prevent 80% of cyber-attacks once implemented correctly, and many public sector contracting authorities now ask for it as a requirement when bidding for contracts.
There is also free advice available from NCSC which UK businesses can access: Four Active Cyber Defence programmes.
The fines are a last resort, but one which the Government plans to implement if larger organisations do not take the appropriate security protection measures. The proposal focuses on firms identifying what infrastructure systems should be in place and what security requirements they should have. Firms must then demonstrate this to the relevant authorities, having done the correct due diligence.
Why should firms care about cyber security?
Ultimately, a cyber security attack, or even a security breach, could cost a firm thousands or even force the business to shut down.
Having the correct cyber security systems in place, or having Cyber Essentials, demonstrates to your supply chain and your customers that you are not at risk of a cyber threat and that you are working in a safe environment.
If you currently work with public sector authorities, or you are looking to bid for public sector contracts in the near future, you must have suitable cyber security measures in place to continue trading or be considered. We envisage that Cyber Essentials will become a mandatory requirement for a lot of larger firms and SMEs supplying the public sector as a precautionary measure.