How Cyber Secure is your Region?
When it comes to businesses implementing positive measures to protect against cyber threats, several UK regions claim they are the most cyber secure. Without a recognised basis to determine the assertion, it has been difficult to acknowledge exactly which UK region does lead the way. Now, the IASME Consortium has laid down a comparator to evidence exactly which UK region does have the right to claim the cyber secure crown.
The regional ‘Cyber Secure Table’ published by the IASME Consortium utilises their own figures for businesses successfully certifying against the Government backed Cyber Essentials scheme. To gain the certification, businesses must have implemented controls in the five most important technical areas identified by government as those that, had measures been in place, would have stopped the majority of successful cyber-attacks over recent years. Although the figures are based solely on IASME’s own certification statistics, with such a significant market share, the figures can be taken to be a reliable overall reflection.
So which region does come out on top? The analysis conducted by IASME sought to identify the proportion of businesses certifying to the effective Cyber Essentials scheme against the number of businesses located within each respective region. The exercise found that it was Welsh businesses that led the way out of the 12 UK regions.
And there may be a valid reason as to exactly why Wales heads the table. With many Welsh Government contracts mandating Cyber Essentials, it is perhaps not surprising to see Wales come out on top. The placings, however, were tight with the South East finishing a close second. The West Midlands completed the top three marginally ahead of neighbouring East Midlands.
At the opposite end of the table, the East of England propped up its peer regions followed by Northern Ireland and Yorkshire & Humber. The reality of the statistics, however, demonstrate that, if we use Cyber Essentials certification as a gauge, there is scope for greater investment in cyber security from businesses throughout the UK. With cyber threats growing in both volume and sophistication, the controls demonstrated by Cyber Essentials have a key role to play in helping Government achieve its ambition to make the UK to be the safest place to do business on-line.
Commenting on the Welsh success story, IASME’s CEO, Dr. Emma Philpott said, “ I’m delighted that Welsh businesses are investing in cyber security. A number of regions claim they are the most cyber-secure in the UK, our analysis can now provide the evidence necessary to substantiate current and future claims.” Laying down the gauntlet for some friendly inter-region rivalry, Emma continued, “Cyber Essentials delivers significant benefit to the business community, primarily enhanced resilience against cyber threats and access to tender opportunities. Hopefully, our regional table can trigger the start of a nationwide challenge that encourages yet more businesses to adopt measures that help protect both themselves and their customers against a very real threat to all businesses.”
Cyber Essentials is acknowledged by the National Cyber Security Centre, the authoritative voice on cyber security, as good practice in the fight against online cyber-attacks such as phishing and ransomware. It is similarly recognised by the Information Commissioner’s Office as evidence of the positive actions taken by an organisation to comply with their security obligations under the General Data Protection Regulation (GDPR).
This is the first time this regional analysis has been conducted. With Cyber Essentials gaining traction and popularity, the league table in 2019 may be very different. Watch this space!
IASME Cyber Essentials Certifications
‘Cyber Secure Table’ by UK Region
1. Wales
2. South East
3. West Midlands
4. East Midlands
5. London
6. North West
7. North East
8. Scotland
9. South West
10. Yorkshire & Humber
11. Northern Ireland
12. East of England
Table compiled by IASME Consortium Ltd based on number of certifications issued by IASME proportionate to the number of businesses in the respective region. Businesses by region data based on BIS ‘business statistics by regions and countries of the UK, 2017.’
Please note, this blog may contain guidance and information that is outdated.
On 24th January 2022, the Cyber Essentials technical requirements were updated in line with current cyber security threats. The self-assessment question set changed from version ‘Beacon’ to version ‘Evendine’. Blogs and articles published before that date, may no longer accurately reflect the Cyber Essentials requirements