The UK government plans to select and endorse an organisational standard that best meets the requirements for effective cyber risk management.
The UK’s national cyber security strategy, published in November 2011, set out the government’s intentions to encourage industry-led standards and guidance for organisations to manage the risk to their information.
According to the Department for Business Innovation and Skills, there are currently various relevant standards and guidance, which can be confusing for organisations, businesses and companies that want to improve their cyber security.
The government aims to offer clarity to the private sector, based on the standard that is selected after public consultation.
“This call for evidence, and our subsequent selection of a preferred standard, will help businesses identify what good cyber risk management looks like and select which organisational standard to invest in,” the consultation notice said.
“Effectively managing the risk to its information should be a core part of any organisation, big or small,” the notice said.
Read more on cyber risk
- Tips for reducing security risks in 2013
- Businesses fail to address consumerisation security risks
- Technology risk management and business continuity guide for CIOs
- Security Think Tank: A risk-based approach to security is key to business alignment
- Security Think Tank: People and risk key to aligning security and business
Information security breaches cost the UK economy billions each year, according to the PwC 2012 Information Security Breaches Survey.
The average cost of a small business’ worst information security breach in 2012 was £15,000-£30,000, and of a large organisation’s, £110,000-£250,000.
Organisations and groups are invited to indicate their interest in submitting evidence in support of their preferred standard by Monday, 8 April 2013.
The government said it will publish guidance for submitting bodies by Tuesday, 30 April 2013.
The final date for submitting evidence will be Monday, 14 October 2013.