A Cyber Health Check for Business

The project is a great opportunity for company Boards to understand and manage risks that have the potential to cause major damage to their business. Companies can demonstrate leadership by making cyber a major part of risk management across their whole business.
|

Nowadays, cyber security is constantly in the media. Many people are understandably anxious about the risks, among them investors in our largest companies. As a government, we're committed to doing what we can to make sure corporate leaders know what steps they should be taking to manage cyber risks. To support this goal, the UK's Department of Business, Innovation and Skills (BIS), together with the intelligence agencies MI5 and GCHQ, have written to the London Stock Exchange's largest 350 companies (collectively known as the FTSE350) to launch the Cyber Governance Health Check. This is a two stage project that will offer significant support to businesses which together make up a major part of the UK's economy. The aim is not only to raise awareness within company Boards--i.e. right at the top of these businesses--but to help them do something about it.

Each participating company will complete of a cyber governance questionnaire--through a secure web-based tool--that will generate a report comprising a free and confidential set of conclusions. This will provide each firm with invaluable details of its particular level of cyber security preparedness and awareness, which in turn will help inform discussions between the company and its auditor aimed at reducing its vulnerability to cyber attacks. In the second stage, each participating company will be offered a more technical, in-depth diagnostic audit, to be carried out by its auditor.

The project is a great opportunity for company Boards to understand and manage risks that have the potential to cause major damage to their business. Companies can demonstrate leadership by making cyber a major part of risk management across their whole business. This project reflects the UK's approach of working jointly with industry to tackle the cyber threat posed by those who look to seize commercial advantage and intellectual property and those who seek to destroy critical data and undermine the integrity of vital computer systems. The economic benefits of a stable and secure cyberspace are a clear, and they make shared responsibility in improving cyber security a natural way of dealing with the threat.

The Cyber Security Health Check is only part of the UK government's cyber security corporate governance policy agenda, which seeks to prompt British companies of all shapes and sizes to improve the way they manage cyber risks. Our other initiatives and support include our 10 Steps to Cyber Security, a guide to help companies identify the risks and ask the right questions of their Boards; Cyber Security: what small businesses need to know, a pamphlet directed specifically at smaller enterprises; Innovation Vouchers worth £5,000 ($7,600) in funding for start-ups and entrepreneurs; a £4m ($6.1m) nationwide awareness-raising campaign directed at individuals and small businesses; and the Cyber Security Information Sharing Partnership, a collaboration between industry and government, to name a few. With all of these projects, we're building the cooperation we need to ensure that Britain is protected against the cyber challenges of today and ready for those of tomorrow.