By Malcolm Marshall
The government isn’t afraid to be at the forefront of mandating cyber security standards in procurement. It’s fair to say that organisational cyber security standards are keenly awaited by the security community and by business at large, but to work effectively they must be pragmatic and recognise the challenges of smaller firms trying to raise their cyber security game.
It will go some way towards bolstering UK plc’s cyber defences, yet the more advanced businesses recognise that standards are not a substitute for a genuine board-level debate on the threat posed to today’s firms. It is also worth reminding ourselves that commerce in cyber space is global, and that any UK standard must build on recognised international approaches, with a weather eye on US initiatives. We need to resist the temptation of the UK ploughing its own furrow.
The recent FTSE 350 cyber health check also showed that we have a way to go in raising awareness in the boardroom, helping executives understand the cyber threat and make sensible investment decisions to protect their business. The Cyber Security Information Sharing Partnership is a good start. It is important that businesses and government see it as just that, the first step towards frank and timely sharing of information on the rapidly changing cyber threat.
About the author and KPMG
Malcolm Marshall is KPMG’s head of cyber security.
KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and operates from 22 offices across the UK with approximately 11,500 partners and staff. The UK firm recorded a turnover of £1.8 billion in the year ended September 2013. KPMG is a global network of professional firms providing Audit, Tax, and Advisory services. It operates in 155 countries and has 155,000 professionals working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.