The U.K. government has launched a cyber security certification framework for businesses to demonstrate that they have taken steps to improve their security against cyber threats.
The Cyber Essentials plan, launched by U.K. Universities and Science Minister David Willetts, is backed by American International Group Inc., the British Insurance Brokers’ Association, the International Underwriting Association, Marsh L.L.C. and Swiss Re Ltd., the Department for Business, Innovation & Skills said in a statement.
The plan offers two levels of certification: Cyber Essentials, which is awarded on a self-assessment basis and then verified by an independent certification body; and Cyber Essentials Plus, which includes external testing of a company’s cyber security.
It focuses on five main areas of cyber security controls: boundary firewalls and Internet gateways; secure configuration of systems; access control; malware protection; and patch management.
The plan, which is now open to organizations of all sizes in the United Kingdom, uses several accreditation bodies, depending on the type of company seeking certification, and certification bodies that compete with each other, meaning that prices for certification will vary, the U.K. Department for Business, Innovation and Skills said in a statement Friday.
Once companies have been certified, they will be allowed to display a badge valid for one year.
“The Cyber Essentials scheme will help businesses differentiate themselves and allow them to let insurers know they have taken steps to be cyber secure,” said Dave Matcham, CEO of the London-based IUA, in a statement.