Understanding Cyber Essentials Accreditation
Since 2014, suppliers bidding on specific types of contracts with the British government were required to achieve Cyber Essentials accreditation if the contract involved the handling of sensitive and personal government information. Nine years later, following the drastic uptake of the scheme, the government has expanded the scope of requirements for greater protection. Could these changes affect you? Continue reading to find out.
PPN 19/23: Government's New Mandate
On the 19th of September 2023, the Cabinet Office released PPN 19/23, a Procurement Policy Note which sets out the actions organisations should take to identify and mitigate cyber threats for certain types of contracts and applies to all central government departments, their executive agencies, non-departmental public bodies, and NHS bodies. This means that for all government-backed organisations listed above, they will now be required to enforce Cyber Essentials accreditation throughout their supply chains if the contracts they offer include sensitive or personal information. But why is the government so concerned about supply chain attacks?
Rising Threat: Major Supply Chain Cyber Attacks
Over the last six months, the UK has seen major supply chain cyber-attacks that have affected the likes of British Airways, Boots, and the BBC. In June 2023, MOVEit, a software file transfer tool, fell victim to a cyber-attack. As a trusted 3rd party supplier, they were privy to sensitive client information, but without adequate cyber protection, attackers were able to breach the company, costing an estimated 11 billion dollars, as well as untold further reputational damage. How much would a supply chain attack cost your company?
Challenges for Small Organisations
Supply chain attacks are becoming more and more prevelant as attackers target larger organisations. Unfortunately, for smaller organisations who have pre-existing relationships with the larger organisations, they are targeted by attacks as an easy entry path through to the larger organisations. This is because they simply don’t have the same level of budget to invest in their own security. Your finance director may be wary of an invoice from an unknown sender, but would they be wary of an invoice from a supplier they’ve worked with for years? Would you be able to spot an infected pdf file from a trusted sender?
Building a Robust Public Service
By expanding the list of public organisations which are responsible for strengthening their supply chains, the government starts to build a more uniform and robust public service. This means that in the future, NHS bodies and central governmental agencies should be better equipped to withstand a cyber-attack and provide the public with the services they need. If you are an organisation that holds sensitive and personal government information obtained through a contract with the NHS, governmental agency, or executive agency, you will soon be required to gain Cyber Essentials accreditation.
In today’s digital landscape, safeguarding your business isn’t just a choice; it’s a necessity. As we’ve explored the critical importance of Cyber Essentials accreditation in fortifying your supply chains, the path to a secure future has never been clearer.
By embracing these essential practices, you’re not just protecting your data; you’re securing your reputation and ensuring the trust of your clients. At Risk Evolves, we’re not just here to inform, but to empower. Contact us today and let’s make your security our priority.
Ready to fortify your business against cyber threats?
Don't wait! Risk Evolves is a National Cyber Security Centre accredited Assured Service Provider for Cyber Essentials accreditation.
Contact our experts at Risk Evolves now. Safeguard your future, get in touch today!