Digital economy minister Ed Vaizey will write to UK FTSE 350 companies to remind them to have robust business procedures in place for cyber security and urge them to take part in the government’s annual Cyber Health Check.
Speaking at the Intel UK & Ireland Security Summit, Vaizey said dealing with cyber security is a partnership between government and industry, and the government will not do business with companies that don’t have cyber security protocols in place.
“It’s obvious that cyber security underpins our entire economy now. We live in a digital economy and therefore we need robust cyber security to keep our businesses secure, keep our citizens safe and make our public services work,” he said.
“We are a world leader in the use of digital technology, so we need to be a world leader in cyber security.”
In the aftermath of the recent TalkTalk data breach, in which customer data was left unencrypted, Vaizey said the incident “served as a warning to protect ourselves”, and promised to write to the FTSE 350 to encourage them to take part in the third Cyber Health Check – an annual assessment of their cyber governance protocols.
“It's a partnership between the government and industry, a partnership between the government and the audit community, and it is designed to help the leading companies in the UK to understand the need for cyber security and work with us to improve their cyber security,” he said.
Vaizey added that he expected 100% of the FTSE 350 companies to say they have included cyber security in their risk register and he would “target those businesses that don’t”.
“It’s really important that cyber security isn’t seen as an IT issue you leave to the IT department. It’s got to be a board room issue and it's got to be at the top of the agenda,” he said.
In the first year of the health check, just over half of the businesses had cyber security in their risk register, while 88% of businesses surveyed did so in 2014.
Cyber Essentials Scheme
Vaizey also encouraged businesses of all sizes to take part in the government’s Cyber Essentials Scheme, which was launched in 2014.
The scheme provides guidance and certification to UK businesses, with the aim of raising the cyber security bar across them.
Vaizey said it sets out the clear basic standards for cyber security and that if a business adopts the scheme, “you will and should protect your business against the majority of threats on the internet”.
“Where it’s appropriate, the government won’t do business if a company doesn’t have a Cyber Essentials Scheme certificate,” he said.
On 17 November 2015, chancellor George Osborne pledged a £1.9bn investment in cyber security over the next five years and launched a National Cyber Security Plan, which includes establishing a national cyber centre at GCHQ that will host a “cyber force” handling cyber incidents in Britain.
Commenting on the new cyber force, Vaizey said that it’s important for the government to “look hard at its own arrangements” in terms of simplifying the architecture of how it handles cyber security issues.
“We need to simplify that quite significantly so that there is one leading part of Whitehall, which will respond to a whole range of different incidents, whether it’s in the public sector or private sector, and to quickly mitigate any damage,” he said.