UK businesses and individuals are more under threat than ever before from cyber attacks.
According to the recent Cyber Security Breaches Survey:
- Over 4 in 10 (43%) businesses experienced a cyber security breach or attack in the last 12 months
- Under 3 in 10 (27%) businesses have a formal cyber security policy or policies
- Large firms reported an average of 12 attacks per year that they knew about, while six attacks per year were reported by medium-sized firms
Cyber attacks are extremely costly to businesses; The Cost of Cyber Crime study estimates that the economic cost of cyber crime to UK businesses is £21 billion per year. In addition, IBM and The Ponemon Institute recently calculated the global average cost of a data breach to an organisation is $3.86 million.
And innocent individuals and customers are affected too; the Cost of Cyber Crime report found that the annual cost of cyber crime to UK citizens is £3.1 billion - around £47 per person.
It is critical for more to be done to protect businesses and individuals in the UK from the growing threat of cyber crime.
What do we want?
The government, through the National Cyber Security Centre (NCSC), operates the optional Cyber Essentials scheme, through which companies can become certified for having a minimum level of IT security in place. The NCSC states that meeting the Cyber Essentials criteria for certification will address the most common internet-based threats to cyber security.
However, with so few UK businesses having any form of security policy in place (including Cyber Essentials), we want you to sign this petition to urge the UK government and the NCSC to put regulations in place to ensure all businesses over a certain size meet a minimum legal standard of IT security.
We are calling for:
- the legal requirement for medium-sized businesses (51-250 employees) to meet at least the criteria for certification for the Cyber Essentials scheme
- the legal requirement for all large business in the UK (more than 250 staff) to at least meet the criteria for certification for the more comprehensive Cyber Essentials PLUS scheme
- the government to assist with compliance either in the form of funding or relevant exemption criteria for businesses that would struggle to cover the cost of securing certification
Please show your support by signing and sharing this petition.
What are the Cyber Essentials criteria?
As outlined in the Cyber Essentials criteria, the requirements fall under five technical control themes:
- secure configuration
- user access control
- malware protection
- patch management
As an applicant to the scheme, businesses must ensure that they meet all requirements. They may also be required to supply various forms of evidence before their chosen Certification Body can award certification at the level they seek.
Applicants need to:
- Establish the boundary of scope for your organisation, and determine what is in scope within this boundary.
- Review each of the five technical control themes and the controls they embody as requirements.
- Take steps as necessary to ensure that your organisation meets every requirement, throughout the scope you have determined.
The full requirements that must be met to achieve Cyber Essentials certification can be found here.
The requirements that must be met to achieve Cyber Essentials PLUS are exactly the same as Cyber Essentials, but also includes an independent assessment of security controls, to verify that the company does have the five technical security controls in place.
Evaris is a progressive technology provider that drives business transformation through technology.
Based in Manchester, Evaris works with organisations of all sizes to conceive, deploy and maintain tailored technology and solutions - from IT products to managed services - to help them achieve their business goals.
With strong partnerships with the leading technology vendors and a proactive, responsive and experienced team of IT specialists, Evaris aim to help organisations gain a competitive edge through modernised IT systems.