Business Insurance will be back online in October. Please check back then to subscribe/register.

All existing subscriptions will be honored. Contact with any questions.


U.K. launches business cyber security certification process

Comments Email Reprints

The U.K. government has launched a cyber security certification framework for businesses to demonstrate that they have taken steps to improve their security against cyber threats.

The Cyber Essentials plan, launched by U.K. Universities and Science Minister David Willetts, is backed by American International Group Inc., the British Insurance Brokers’ Association, the International Underwriting Association, Marsh L.L.C. and Swiss Re Ltd., the Department for Business, Innovation & Skills said in a statement.

The plan offers two levels of certification: Cyber Essentials, which is awarded on a self-assessment basis and then verified by an independent certification body; and Cyber Essentials Plus, which includes external testing of a company’s cyber security.

It focuses on five main areas of cyber security controls: boundary firewalls and Internet gateways; secure configuration of systems; access control; malware protection; and patch management.

The plan, which is now open and available to organizations of all sizes in the United Kingdom, uses several accreditation bodies depending on the type of company seeking certification, and certification bodies who will be in competition with each other, meaning that prices for certification will vary, the U.K. Department for Business, Innovation and Skills said in a statement Friday.

Once companies have been certified, they will be allowed to display a badge valid for one year.

“The Cyber Essentials scheme will help businesses differentiate themselves and allow them to let insurers know they have taken steps to be cyber secure,” said Dave Matcham, CEO of the London-based IUA, in a statement.

More from BI