Companies bidding for public IT contracts in the UK will be subject to an obligatory security assessment under a scheme launched by the government today.
From October this year certification will be mandatory for companies bidding on public IT projects, in a bid to build public confidence in digital security following several high-profile security breaches of companies such as eBay, Avast and Monsanto.
David Willetts, MP and universities and science minister, said: "The recent GOZeuS and CryptoLocker attacks, as well as the Ebay hack, shows how far cybercriminals will go to steal people’s financial details, and we absolutely cannot afford to be complacent."
The programme is said by the government to reduce the risk of data loss and act as a quality guarantee to customers and other businesses, and will cover computers, mobiles and tablets, alongside email, web and application servers.
"We already spend more online than any other major country in the world, and this is in no small part because Britain is already a world leader in cybersecurity," Willetts added.
Overseen by CREST, an IT security non-profit, the scheme has been created in collaboration with the British spying agency GCHQ, an organisation more famous for stealing data than protecting it.
Tim Anderson, commercial director of Portcullis Security, said: "In addition to reducing the risk associated with opportunistic cyber threats, the certification provides a benchmark against which suppliers, partners and customers of approved organisations can judge their cyber security.
"While the scheme is ideal for small and medium sized enterprises, larger organisations and government departments will also see value in it, as it allows them to evaluate the security of their supply chain and smaller suppliers."
Mark Weil, chief executive of insurers Marsh, said: "We welcome this new government initiative to improve security practice to an accredited standard and believe it will make insurance more attainable for UK businesses."
