Speech

Cyber Essentials 10 years on

A speech by cyber security Minister Feryal Clark at the 10 year anniversary event for the Cyber Essentials scheme.

Feryal Clark MP

Good afternoon everyone.  

Thank you for joining us to celebrate the 10 year anniversary of Cyber Essentials.  

What an occasion. I’m very excited to be here with all of you today.   

It’s important we take time to recognise and reflect on the success of Cyber Essentials – and how it plays an important part in making the UK more cyber resilient.  

Two years ago the government hosted a similar event to mark the award of the one hundred thousandth Cyber Essentials certificate. This represented a significant moment in the growth of the scheme. 

Since then, we’ve awarded almost ninety thousand more – so it looks like we may have to host yet another celebratory event in a few months time!  

It is great to see the rapid growth in the scheme, and I firmly believe that with your help, its growth can be accelerated and its impact further reaching.  

Now – we are often asked about how effective the scheme is.  

We have always believed Cyber Essentials helps drive better cyber security across the economy.  

However, we can now prove that it does.  

Recent insurance data shows us that organisations with Cyber Essentials are 92% less likely to make a claim on their insurance than those without it.  

Additionally, where organisations require their third parties to get Cyber Essentials, we know they experience fewer third party cyber incidents.  

We’ll discuss this later in the panel discussion.  

In short, Cyber Essentials is working. 

The government has made a concerted effort over the past couple of years to assess the efficacy of the scheme.  

Today, we have published an independent impact evaluation report which I encourage you all to read.  

It provides fascinating insights into the impact Cyber Essentials is having in many different areas. 

The evaluation concludes that Cyber Essentials is providing cyber security protection to organisations of all sizes.  

82% of certified organisations are confident the controls provide protection against common cyber threats.  

It further concludes that Cyber Essentials is improving organisations’ awareness and understanding of the cyber security risk environment, enabling them to become more informed and confident in mitigating cyber risks.  

We know it works, and we now need more organisations to embed the Cyber Essentials controls and grasp the economic benefits of secure digital adoption. 

I’d now like to talk about supply chains.  

All organisations face cyber security risks, and will benefit from getting the Cyber Essentials controls in place.  

However, long gone is the time when protecting your own perimeter was sufficient. Supply chain attacks are increasing in prevalence, and their impact can be far reaching. 

For example, the recent cyber attack on IT provider Synnovis had a devastating impact on London hospitals, with many thousands of appointments and operations cancelled.  

We know many organisations across the economy are struggling to manage the cyber security risk presented by suppliers.  

This is clearly reflected in the fact that just 6% of UK businesses are assessing cyber risks in their wider supply chain. 

This is simply too low and presents a concerning scenario.  

Supply chain attacks are increasing, while limited efforts are being made to address this increased risk.  

We know it is difficult – it requires skill and valuable resources to do effectively.  

Against this backdrop, we firmly believe Cyber Essentials has a more important role to play.  

By requiring suppliers, or other third parties, to have Cyber Essentials themselves, customers gain tangible assurance that fundamental cyber security controls are in place, and they are protected from common cyber attacks.  

Such assurance is no longer a ‘nice to have’ - it’s a necessity. Embedding Cyber Essentials requirements across supply chains will drive up the cyber maturity of our whole economy. 

This is a real priority for me.  

Which is why I’m pleased to announce that my department and the National Cyber Security Centre today published a joint statement with the UK’s largest banks and building societies. These include Santander UK, Nationwide, Barclays, Lloyds Banking Group, TSB and NatWest.  

I thank them all for their efforts.  

This collaboration aims to raise the levels of cyber security in critical national supply chains by exploring ways to expand the role of Cyber Essentials within their supplier assurance processes.  

We will hear more about this shortly, but I wanted to make clear my enthusiasm and support for this collaboration, which we hope to replicate with other sectors across the economy. 

On that note, I wanted to end with a request.  

This new government is determined to make the UK safer, more secure and prosperous. To that end, we want to work with you, to partner with you, in raising the cyber security baseline across our economy.  

We are taking huge strides to improve the cyber resilience of the UK, including through the forthcoming Cyber Security and Resilience Bill. The Bill will have a significant impact on enhancing the cyber resilience of the UK.  

However, the proposed legislation must be complemented by other efforts to improve cyber security across the wider economy.  

We must do this together.  

Many of those in attendance today represent large, influential organisations with large supply chains.  

I invite you all to join us on the journey to embed Cyber Essentials across the UK, by incorporating it within your own supplier requirements.  

As you do this, we will do our utmost to ensure all organisations, especially SMEs, are supported in their efforts to become certified.  

Together we can make a huge difference in reducing the economic and social harm impacting our businesses and citizens.  

Thank you for being here and supporting us today. We look forward to closer collaboration in the future. 

Thank you. 

[ends]

Updates to this page

Published 23 October 2024