The UK government has responded to some concerns about the Cyber Essentials scheme by pointing out that only 35,000 organizations are accredited in the country.
Managed by the Department for Science, Innovation and Technology (DSIT) and the National Cyber Security Center (NCSC) and delivered through the IASME consortium, Cyber Essentials was launched nine years ago with the aim of improving baseline security for UK organizations. rice field.
However, although the number of certifications has increased from less than 500 per month in January 2017 to just under 3,500 in January 2023, the number of organizations following the scheme remains an estimated 5.5 million UK companies. are just a few of the private sector companies in
Read more about Cyber Essentials: Cyber Essentials scheme set for April 2023 update
A DSIT assessment of the scheme, released late last week, highlighted some concerns. For example, some users say they don’t think the controls are relevant to their organization.
“Regarding the implementation of the plan, strategic stakeholders (government and industry representatives) are aware of the current ‘uniform’ challenges to implementing cybersecurity measures by organizations of various types and sizes. ‘highlighted the challenges of the approach,’ said the sector,’ the report added.
“So they advocate building in more flexible features if this is possible.”
Opinions were divided as to whether the system would be cost-effective. Fifty-eight percent agreed, while a quarter (26%) were ambivalent and a minority (16%) disagreed or strongly disagreed.
“All surveyed organizations were asked how they thought the Cyber Essentials scheme could be improved in the future, and suggestions were grouped into five main themes: i) Increased customization and extensibility; ii) improved communication, guidance and support, iii) reduced costs, iv) quality and scrutiny of assessments, and v) synergies with other security schemes,” the report continues.
Government statistics show that only 14% of businesses and 15% of charities are aware of the Cyber Essentials scheme, while 50% of medium-sized companies and 59% of large companies are aware of it.
The report expressed concern that many of the organizations that choose to be accredited do so simply because they need to meet contractual requirements with public sector customers.
This review made several recommendations to DSIT, IASME, and NCSC.
- Raise awareness of security threats and present users with informed choices for the best possible solutions.
- Improve information, tools and guidance for current and future users
- Provide more customized information for businesses of different types and sizes
- Consider adapting Cyber Essentials to better meet the needs of your current users.
- Enhanced robustness and transparency
