Shaping Cyber Risk management for the UK | are you playing your part?

Can you help create a framework for Cyber Risk management for the UK?

The Department of Business, Innovation and Skills (BIS) is looking at how to help business improve its management of Cyber Risk through a process of industry engagement that is trying to identify how standards can be used in this process.

Below is an excerpt from the formal call for evidence from BIS outlining the process and next steps.

The Government's Cyber Security Strategy, published in November 2011, set out the intention to encourage industry-led standards and guidance that are readily used and understood, and that help companies that are good at cyber security make that a selling point for their business. However there are various cyber security-related standards and guidance in the marketplace, which can be difficult to navigate for those organisations that want to invest in improving their organisational cyber security.

In September 2012, the Government launched its Cyber Security Guidance for Business and the 10 Steps to Cyber Security, offering businesses clear guidance on how to best manage cyber risk within their organisations. This has been followed in April 2013 by guidance tailored to small businesses. The Government’s 10 Steps to Cyber Security guidance prompted debate amongst business leaders about where to look for the right level of assurance that their organisations, and those in their supply chains, are effectively managing their cyber security risk. These companies were questioning what assurance, or which organisational standard, exists for this.

In order to offer clarity to the private sector on what good cyber security looks like, and which organisational standard to invest in to best manage their cyber risk, the Government intends to select and endorse an organisational standard that best meets the requirements for effective cyber risk management.

It is not our goal to create a new standard. The cyber security landscape is quite complex and difficult to navigate for those organisations that want to improve their own cyber security. We do not want to add further to that confusion or that complexity. Our goal is to clarify which standard we feel best assures an organisation that they are effectively managing their cyber risk - that might be a new one or it might be an existing and well-established one.

With industry stakeholders, we have developed and now published the requirements in order to reach a common view of what constitutes good cyber security in an organisation, and therefore what should be covered in a good organisational standard for cyber security.

This is a call for evidence for organisations and groups to submit evidence in support of their preferred standard in line with these requirements. BIS will use this evidence to select the Government’s preferred organisational standard for cyber security.

Following further engagement across industry and with other industry groups the Continuity Forum has set up an online discussion and collaboration portal to assist in the debate and help highlight common priorities for organisations submissions to BIS.

If you would like to know more about this initiative and how to get access to the industry portal please contact us directly HERE!