The UK Department for Science, Innovation and Technology (DSIT) has published a review of the government-owned Cyber Essentials scheme.
In the nine since it was introduced, the Cyber Essentials scheme developed by DSIT along with the National Cyber Security Centre (NCSC) and delivered through the IASME Consortium has only certified 35,000 organisations across the country. The figure represents a tiny percentage of the estimated 5.5 million private sector businesses in the UK.
While the number of certifications has grown from fewer than 500 per month in January 2017 to just under 3500 in January 2023, several concerns have been raised about the scheme. Some users have expressed that the controls are not relevant to their organisation, and there are challenges to implementing cyber security measures by organisations of different types, sizes and sectors. Strategic stakeholders have advocated for more in-built flexibilities where possible.
The review made several recommendations:
- Increase awareness of security threats and offer users informed choices concerning solutions
- Improve information, tools and guidance
- Offer more tailored information
- Consider making Cyber Essentials more responsive to current user needs
- Strengthen robustness and transparency
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 5,750 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.