Key Takeaways
- The UK government is urging businesses to embed best practice security in their supply chains using a new playbook and the Cyber Essentials (CE) scheme.
- The CE scheme can be used as an assurance mechanism and can be deployed in combination with the NCSC Supplier Check tool.
- The playbook provides seven steps to help businesses embed CE in their supply chains, including understanding supply chain risks, defining supplier security profiles, and incentivizing CE adoption.
- The NCSC is offering free cyber-liability insurance to businesses with a turnover of under £20m that achieve CE certification.
- Awareness and take-up of the CE scheme remain low, with only 12% of businesses polled by the government aware of the framework and just 3% accredited.
Introduction to the Cyber Essentials Scheme
The UK government’s National Cyber Security Centre (NCSC) has called on businesses to prioritize supply chain security by using a new playbook and the Cyber Essentials (CE) scheme. The CE scheme is a best practice framework that provides a baseline level of security for organizations, and the NCSC is urging businesses to embed it in their supply chains to reduce the risk of cyber-attacks. The scheme can be used as an assurance mechanism, and can be deployed in combination with the NCSC Supplier Check tool, which enables organizations to quickly check which of their suppliers are certified.
The Playbook and Supplier Check Tool
The playbook itself contains actionable advice, tools, and resources to help businesses embed CE in their supply chains. It consists of seven steps, including understanding supply chain risks, defining supplier security profiles, and incentivizing CE adoption. The NCSC’s Supply Chain Principles guide can also help organizations better understand the cyber-risks associated with suppliers. The Supplier Check tool is a key component of the playbook, allowing organizations to quickly and easily check which of their suppliers are certified, and to what level. This tool can help businesses to identify potential vulnerabilities in their supply chain and take steps to mitigate them.
The Importance of Supply Chain Security
The importance of supply chain security cannot be overstated. Cyber-attacks can have a devastating impact on businesses, and supply chains can provide numerous points that attackers can exploit. According to the NCSC, only 14% of firms are on top of the potential risks faced by their immediate suppliers. This is why the UK’s cybersecurity minister, Liz Lloyd, has written to the country’s leading companies, urging them to take steps to bolster their cybersecurity, including securing their supply chains using the CE scheme. By prioritizing supply chain security, businesses can reduce the risk of cyber-attacks and protect their operations, reputation, and contracts.
The Benefits of Cyber Essentials Certification
The CE scheme is a great way for organizations to improve their baseline security posture. According to the NCSC, 43% of organizations suffered a cyber-attack over the past year, highlighting the need for robust security measures. The CE scheme provides a framework for organizations to follow, and can help to reduce the risk of cyber-attacks. Additionally, businesses with a turnover of under £20m that achieve CE certification are entitled to free cyber-liability insurance, including professional incident response support. This can provide businesses with peace of mind and financial protection in the event of a cyber-attack.
Challenges and Limitations
Despite the benefits of the CE scheme, take-up remains low. Quarterly certifications surpassed the 10,000 milestone for the first time in the first three months of the year, but there are nearly six million private sector businesses in the UK. Awareness of the best practice framework is also low, with only 12% of businesses polled by the government aware of the framework. The figures for large and medium businesses are higher, but still nowhere near universal. The study claimed that just 3% of UK businesses are accredited, rising to 21% of large organizations. This highlights the need for increased awareness and education about the benefits of the CE scheme and the importance of supply chain security.
Conclusion
In conclusion, the UK government is urging businesses to prioritize supply chain security by using a new playbook and the Cyber Essentials scheme. The CE scheme provides a framework for organizations to follow, and can help to reduce the risk of cyber-attacks. The playbook and Supplier Check tool provide actionable advice and resources to help businesses embed CE in their supply chains. While take-up and awareness of the CE scheme remain low, the benefits of certification, including free cyber-liability insurance, make it an attractive option for businesses. By prioritizing supply chain security and using the CE scheme, businesses can reduce the risk of cyber-attacks and protect their operations, reputation, and contracts.
