Evaris has called for action to establish a mandatory minimum level of IT security for all businesses.
The Manchester-based business has launched a petition, backed by IT and cyber security professionals, to put pressure on the government to make the currently optional National Cyber Security Centre’s (NCSC’s) Cyber Essentials Scheme compulsory for businesses to protect them in the event of a cyber attack and reduce the cost of cyber crime to the UK economy, as well as the public.
According to the recent Cyber Security Breaches Survey, less than three in 10 (27%) businesses have a formal cyber security policy in place, while large companies reported an average of 12 attacks per year that they knew about. Six attacks per year were reported by medium-sized companies.
As a result, Evaris is calling for all businesses to take steps to prevent such attacks from occurring.
The petition aims to ensure small organisations with up to 50 employees and medium-sized firms with between 51 and 250 staff should meet at least the criteria for certification for the Cyber Essentials scheme. Large businesses (those with more than 250 employees) should at least meet the criteria for the Cyber Essentials Plus scheme.
Terry Saliba, Solutions Architect at Evaris, said: “Data shows that more than four in ten businesses experienced a cyber security breach in the past 12 months, and these are becoming increasingly sophisticated and costly for businesses across all industries.
“Unfortunately, we still see that many firms are failing to understand the extent of this issue, and so we believe this petition is vital for establishing a compulsory baseline adhered to by all businesses.
“We’re extremely pleased to see our campaign to make Cyber Essentials compulsory for all companies has gained the support of industry bodies. These organisations see the extent of the damage caused by a lack of IT security and training on a daily basis.”
Vince Warrington, CEO of Protective Intelligence, said: “I’m supporting the petition because I’ve had to deal with the consequences of cyber attacks and seen the destruction they can cause.
“At the moment, far too many companies still see cyber security as a ‘nice to have’ rather than an essential part of everyday business, or feel they don’t understand what they need to do to protect themselves. But cyber attacks are not going to simply disappear – the criminals behind them will target your business if you haven’t taken even the most basic steps to keep them out.
“By driving all companies to adopt Cyber Essentials the government can not only create a good level of basic cyber hygiene across UK Plc, but also create a regular flow of work small cyber security businesses can themselves bring onboard new staff and train them up, thus reducing the predicted shortfall in qualified cyber security experts that the country will need in the decades to come.”
In order to be certified by the Cyber Essentials Scheme, applicants must, as a minimum:
- Use a firewall to secure their internet connection
- Choose the most secure settings for their devices and software
- Control who has access to data and services
- Have protection against viruses and other malware
- Keep devices and software up to date