Government opens consultation on cyber risk

The government is calling on industry to provide evidence on what it thinks is the best 'organisational standard' for effective cyber risk management, which it will then endorse as the preferred approach.

The UK government plans to select and endorse an organisational standard that best meets the requirements for effective cyber risk management.

The UK’s national cyber security strategy, published in November 2011, set out the government’s intentions to encourage industry-led standards and guidance for organisations to manage the risk to their information.

According to the Department for Business, Innovation and Skills, there are currently various relevant standards and guidance, which can be confusing for organisations, businesses and companies that want to improve their cyber security.

The government aims to offer clarity to the private sector, based on the standard that is selected after public consultation.

“This call for evidence, and our subsequent selection of a preferred standard, will help businesses identify what good cyber risk management looks like and select which organisational standard to invest in,” the consultation notice said.

“Effectively managing the risk to its information should be a core part of any organisation, big or small,” the notice said.

In 2012, the average cost of the worst information security breach was £15,000-£30,000 for a small business and £110,000-£250,000 for a large organisation.

Organisations and groups are invited to indicate their interest in submitting evidence in support of their preferred standard by Monday, 8 April 2013.

The government said it will publish guidance for submitting bodies by Tuesday, 30 April 2013.

The final date for submitting evidence will be Monday, 14 October 2013.
