UK Government Still Failing To Tackle Cyber Security

Cyber Crime

The British government’s efforts to incentivise UK businesses to do more about cyber security should be applauded, but must be reinforced with clear leadership and practical next steps.

A new survey by the Department for Business, Innovation and Skills (BIS) has revealed that only 14% of British FTSE 350 firms are regularly considering cyber threats, despite the increasingly high level of online crime.

Whilst the government is demonstrating determination to tackle the growing cyber threat, it seems that it has so far failed to strike the right note with UK businesses. It is correct to point at the problem, but it also has to take the lead and point at the solution.

On 26th November BIS published a research report on UK Cyber Security Standards, which recognises that “the timely availability of relevant and appropriate cyber security standards with which organisations can develop and demonstrate their cyber security abilities and credentials” is a major factor for boosting the UK’s “collective maturity and confidence in this area”.

The report revealed that ISO 27001 is the most frequently adopted standard by a significant margin, yet the government seems slow in its decision to identify a standard which meets its own requirements as well as business needs.

Cyber security is a challenge we all face today – not tomorrow. Cyber criminals are acting now and they are targeting our data and stealing our money.

UK organisations need a clear direction, a step-by-step approach as to what they need to do in order to protect themselves from cyber crime and, with this, British intellectual property and economic success.

Every business, from the boardroom down, needs to be constantly vigilant, continually assessing and improving cyber security. UK businesses will be wise to turn to ISO/IEC 27001, which is a globally recognised best practice standard for protecting systems and data. The standard is suitable for all organisations, from SMEs to FTSE 350 companies, and enables them to address IT security as a competitive differentiator.

The latest ISO survey shows that there are over 19,500 ISO 27001-certified organisations worldwide and this number is growing steadily.

The IT Governance Boardroom Cyber Watch Survey 2013 revealed that, according to 74% of respondents, customers prefer dealing with suppliers with proven IT security credentials, while 50% say their company has been asked by customers about its information security measures in the past 12 months.

And remember, it’s not just your business but also your supply chain that needs to adhere to ISO/IEC 27001. Any gap or weak link in the chain will be found and exploited in cyberspace. The benefits from implementing ISO 27001 are multifaceted and have an impact on all business areas from IT and finance to marketing and sales.

Alan Calder

Alan Calder - author of "IT Governance - a Manager's Guide", is a founder director of IT Governance. Before that, he was CEO of Wide Learning, a supplier of e-learning, of Focus Central London and, before that, of Business Link London City Partners (BLLCP). He was also a member of the DTI's Information Age Competitiveness Working Group. He was for many years a member of the DNV Certification Services Certification Committee, which certifies compliance with international standards including ISO27001/BS7799. Alan works with a wide range of clients on IT governance and information security projects which include design, implementation and deployment of management systems and the development and writing of White Papers. He also speaks at seminars and presentations on IT governance, regulatory compliance and information security.