New cyber security requirements

NDA new 200All suppliers bidding for certain NDA contracts involving sensitive and personal information are now required to provide assurance of compliance with the requirements of Cyber Essentials (CE).

FACT: The NDA’s network is subject to 30,000 automated cyber attacks or scans EVERY DAY. This is not unusual.

Networks in the supply chain are also at risk of attack.

A recent Cabinet Office report states that:

“We estimate the cost of cyber-crime to the UK to be £27 billion per annum. A significant proportion of this cost comes from the theft of Intellectual Property (IP) from UK businesses, which we estimate at £9.2 billion per annum. In all probability, and in line with our worst-case scenarios, the real impact of cyber-crime is likely to be much greater.”

Earlier this year, the UK Government launched the Cyber Essentials Scheme. This scheme advises on basic cyber controls that can be implemented to reduce the risk of compromise of information from common internet-based threats.

Cyber essentials scheme: overview

From last month October 2014, all suppliers bidding for certain contracts involving sensitive and personal information are required to provide assurance of compliance with the requirements of Cyber Essentials (CE).

The Government believes that implementing these basic measures can significantly reduce vulnerability to cyber attack. It does not offer a silver bullet to remove all security risks. Cyber Essentials defines a focused set of controls which provide cost-effective basic security for organisations of all sizes. In particular, it focuses on threats which require low levels of attacker skill, and which are widely available online.

Meanwhile, the Assurance Framework, leading to the awarding of Cyber Essentials and Cyber Essentials Plus certificates for organisations, has been designed in consultation with SMEs to be light-touch and achievable at low cost. The two options give organisations a choice over levels of assurance and the cost of doing so.

The full scheme is backed by industry including the Federation of Small Businesses, the CBI and a number of insurance organisations which are offering incentives for businesses that get CE certified.