The government is calling on industry to provide evidence on what it thinks is the best ‘organisational standard’ for effective cyber risk management, which it will then endorse as the preferred approach.
The Department for Business Innovation and Skills has said that ‘there are currently various relevant standards and guidance, which can be confusing for organisations, businesses and companies that want to improve their cyber security’.
The government published its Cyber Security Strategy in November 2011, which saw some £650 million earmarked to spend over a four-year period in a bid to tackle cyber crime and make the UK one of the most secure places in the world to do business in cyber space.
However, the strategy has been criticised by former minister Baroness Pauline Neville-Jones, who said implementation was ‘too slow’, and its implementation has also been highlighted as a concern by BCS, the Chartered Institute for IT, and (ISC)², the global membership body of information security professionals.
The government is asking for businesses and organisations to send an expression of interest to submit evidence in support of a preferred standard by Monday 8 April 2013. The final date for submitting evidence will be Monday 14 October 2013.
The guidance notes read: “The purpose of this document is to articulate a series of requirements that government judges a ‘good’ organisational standard for cyber security should look like.
“Government will use these requirements to select and endorse a preferred organisational standard amongst the private sector.”
The document published today also highlights that the average cost of a small business’s worst information security breach in 2012 was between £15,000 and £30,000, and of a large organisation’s, between £110,000 and £250,000.
The government has said that information security breaches cost the UK economy billions each year.
Minister for the Cabinet Office, Francis Maude, recently hailed the government’s cyber security strategy as a success, pointing to a number of projects, including the Police Central e-Crime Unit, which has exceeded its four-year operations performance target of averting £504 million of harm within the first year of the programme.
According to the Cabinet Office, it has prevented £538 million of harm at a return on investment of £72 of harm averted for every pound invested.