WavebreakmediaMicro - Fotolia

Majority of UK businesses have been targeted by cyber criminals

Cyber attacks are now considered a serious threat to UK businesses, yet a relatively small number have adopted the government's Cyber Essentials Scheme

The government has warned that 90% of major businesses have faced a cyber attack in the past year, with 74% of small businesses also victims of cyber crime.

Launched in 2014, the government's Cyber Essentials Scheme (CES) outlined a set of security criteria businesses need to meet to protect their digital assets from attack by cyber criminals. The initiative aims to protect businesses against the most common online threats.

Speaking at the Financial Times Cyber Security Europe Summit, minister for the digital economy Ed Vaizey revealed more than 1,000 businesses have now adopted CES – but with an estimated five million businesses now operating in the UK, the scheme has a long way to go.

"Good cyber security underpins the entire digital economy – we need it to keep our businesses, citizens and public services safe. The UK is a world leader in the use of digital technologies but we also need to be a world leader in cyber security," he said.

"Trust and confidence in UK online security is crucial for consumers, businesses and investors. We want to make the UK the safest place in the world to do business online and CES is a great and simple way firms can protect themselves."

Speaking at the conference, Vaizey also announced a £500,000 fund to help universities and colleges develop innovative teaching and learning to provide the cyber security skills needed to protect the UK now and in the future. The fund will be administered through the Higher Education Academy.

Read more about Cyber security Essentials

Academic institutions can apply for up to £80,000, which must be match-funded by the institution and must generate real-world impact across the discipline. The fund will ensure higher education students get high-quality, innovative teaching, giving them the skills to protect UK businesses and the government against cyber attacks.

Other initiatives include a voucher scheme offering micro, small and medium-sized businesses up to £5,000 for specialist advice to boost their cyber security and protect new business ideas and intellectual property.

CES was developed by the government in consultation with industry and launched in June 2014. It aims to raise the cyber security bar in UK business. The scheme's set of five critical controls applies to all types of organisations of all sizes, giving protection from the most prevalent forms of threat from the internet.

All suppliers bidding for government contracts that involve handling sensitive and personal information need to comply with CES. There are two levels of accreditation: Cyber Essentials and Cyber Essentials Plus.

Ian Glover, president of security certification body Crest, the organisation involved in developing Cyber Essentials Plus, said: "If you have met the requirements of the Payment Card Industry Data Security Standard you have already met almost all the requirements for Cyber Essentials Plus."

When asked about the slow adoption, Glover said: "We are standing on the precipice of a lot of activity. The launch was a new initiative and a lot of businesses had not heard about it, but the numbers are steadily building up."

He added that CES represents a step up from ISO 27001 in terms of security accreditation: "You could get accredited with ISO 27001 but have really poor security, but the Cyber Essentials Plus level starts to fill that gap."

Read more on Security policy and user awareness