Some feedback here from Intersys after the UK Govt recently published its cyber security strategy. For the insurance sector it’s worth thinking about communicating some basic cyber rules for businesses, as a policy/quote starting point, especially smaller ones that don’t have a staffed IT dept. Here’s the word;
Jake Ives, Head of Security, Intersys, said:
“Many organisations aspire to align with NIST and other advanced frameworks yet frequently fall short of meeting even the requirements of Cyber Essentials, making it an essential foundation for organisations of any size. The security landscape has evolved considerably, and a growing range of cost-effective technical solutions now exists to support businesses in achieving compliance.
It is also important to recognise that supply chain attacks are increasingly prevalent. Regardless of size, if a business provides services to a larger organisation, it automatically becomes a target. Threat actors routinely exploit weaker supply chain members to gain access to higher-value targets or to impact your supply chain members that are situated in regions that are more susceptible to attack due to the current political climate. This is particularly important for smaller businesses to consider, as being involved in a breach of a high-value target could result in unwanted media exposure and lasting reputational damage.
By adopting Cyber Essentials, a business can demonstrate to its customers and supply chain that it has established a solid baseline of security controls and that antiquated, unsupported systems are not in use. This includes measures such as enforcing multi-factor authentication across systems, applying software updates within 14 days, and adhering to the principle of least privilege. Beyond demonstrating to existing customers and supply chain partners that security is taken seriously, it also positions a business to adopt more mature frameworks in the future. Additionally, certification can unlock new opportunities, as many government contracts require vendors to have Cyber Essentials in place.
It is also worth noting that many cyber insurance eligibility questionnaires now reference Cyber Essentials. Demonstrating certification to an insurance provider may contribute to reduced premiums, adding further financial incentive to achieving compliance.
I would strongly encourage all businesses to try the free Cyber Essentials readiness tool and take advantage of the complimentary 30-minute consultation. Following this, there are many MSSPs out there, including Intersys, that can guide you through the requirements and help implement solutions that position you well for the assessment. They can also help strengthen internal procedures and provide valuable support in the event of a breach.”
Be the first to comment