Government to launch a consultation on effective cyber risk management

The UK’s national cyber security strategy, published in November 2011, set out the government’s intentions to encourage industry-led standards and guidance for organisations to manage the risk to their information. However, there is still confusion around which standards are best followed. As a consequence, the government has announced that it plans to select and endorse a preferred organisational standard that best meets the requirements for effective cyber risk management.

According to the Department for Business, Innovation and Skills, there are currently a number of relevant standards and guidance documents, which can be confusing for any organisation, business or company that wants to improve its cyber risk security. The government is therefore aiming to give the private sector clarity by offering a single, over-arching standard that will be selected after public consultation.

According to the government’s consultation notice:

“This call for evidence, and our subsequent selection of a preferred standard, will help businesses identify what good cyber risk management looks like and select which organisational standard to invest in. Effectively managing the risk to its information should be a core part of any organisation, big or small.”

The UK economy pays a heavy price for its failure to adequately manage cyber risk security. According to the PricewaterhouseCoopers (PwC) 2012 Information Security Breaches Survey, such breaches cost the UK economy billions each year. The average cost of a small business’s most significant information security breach in 2012 was £15,000-£30,000, and for a large organisation the figure came out at between £110,000 and £250,000.

Organisations and groups have been invited to indicate their interest in submitting evidence in support of their preferred standard by Monday, 8 April 2013. The government has said it will publish guidance for submitting bodies by Tuesday, 30 April 2013. The final date for submitting evidence will be Monday, 14 October 2013.
