
Investing in cyber security can float all our boats

Why the UK government should offer infosec and privacy management software grants

The UK government’s recent budget offered some very practical help for Covid-hit SMEs. They’ve extended the furlough and business rates holiday schemes for specific sectors, and announced a brand new loan scheme to replace the Bounce Back and Coronavirus Business Interruption ones.

But we think they’re missing a big opportunity.

These initiatives are a very important life raft, supporting businesses through some very difficult times, but they won’t create substantial growth. That’s not good for British businesses and – because they won’t grow corporation tax revenues – not good for the government either.

If the government’s serious about growing the economy and “building back better”, it should step beyond its current thinking, focus on the digital world and put information security and privacy management on the agenda.


Boosting productivity isn’t enough

The government’s taken some first steps towards that with its Help to Grow: Digital grant scheme. It gives organisations free advice on productivity-boosting software, plus up to £5,000 towards buying that software. On the face of it, that looks very positive. We’re looking forward to digging through the fine print to see exactly what it’ll do for British businesses.

But there are a couple of issues we’re pretty sure it won’t address. We think productivity’s too narrow a target to aim for. Boosting it isn’t so helpful when, like now, there’s less new business coming in. And 93% of all businesses with more than ten staff are already using accounting and CRM cloud tools. This scheme doesn’t offer them anything new.


Cyber security’s a challenge for us all

Powerful potential customers are often very reasonably risk averse. They’ve seen how cyber threat levels are increasing. And they’ve watched as attacks like the recent SolarWinds exploit have affected not just individual organisations but entire supply chains.

The UK government’s own bodies are very aware of the problem. They’re alerting UK organisations to the scale of it, creating tools to help with it and taking strong punitive action when organisations don’t live up to their responsibilities:

  • According to the UK Department for Digital, Culture, Media and Sport’s “Cyber Security Breaches Survey 2020”, almost half of businesses (46%) and a quarter of charities (26%) reported cyber security breaches or attacks over a 12-month period.
  • In its 2020 annual review, the UK National Cyber Security Centre (NCSC) noted a rise in businesses experiencing phishing attacks (from 72% to 86%), though that was offset by a fall in attacks involving viruses or other malware (from 33% to 16%).
  • UK government schemes like the NCSC’s Cyber Essentials scheme and the Information Commissioner’s Office (ICO)’s data protection self assessment toolkit help organisations boost cyber security, though they’re not independently certifiable.
  • At the end of 2020, the ICO fined a major British airline £20 million and an international hotel chain £18.4 million for failing to keep their customers’ data secure.


Better cyber security boosts sales and builds brands

It’s something we know to be true because we’ve seen it happen time and again with our customers. When an organisation boosts its infosec and data privacy management systems, and achieves internationally recognised security standards like ISO 27001, it usually finds that:

  • It can reach a greater number of often larger customers, because more and more organisations are requiring excellent infosec and privacy as a basic condition of business.
  • Its sales process becomes smoother and simpler, because it doesn’t have to spend as much time and effort proving how secure it is.
  • Its reputation (and with it its brand) improves, because it’s shown just how seriously it takes its own and its customers’ security.

We’ve mentioned ISO 27001 specifically because it’s an excellent infosec starting point. It sets clear requirements for creating and managing an information security management system, or ISMS. That ISMS can also comply with schemes like the UK government ones we’ve already mentioned.

If you follow the ISO 27001 requirements when creating your ISMS, it can be independently certified by an accredited certification body, further boosting its value. You can also build on your ISMS work to create privacy, business continuity and other management systems.


National action floats everyone’s boat

When individual organisations boost their information security, that’s good for them. When that action scales up to a national level, it’s good for everyone. Improving regional or national cyber security cuts crime and reduces threats across the board. And if organisations have to spend less time and effort fighting off cyber attacks, they’ll see a productivity boost too.

That’s something forward-thinking business hubs like Singapore have realised. The city state’s Enterprise Singapore programme boosts economic development with its digital transformation grant structure. It helps organisations achieve specific security standards like ISO 27001, among a range of other business efficiency and growth-boosting ones.

Helping UK companies achieve compliance with or certification for standards like ISO 27001 is especially important now we’ve left the EU. They combine instant international recognition with deep rigour and impact, boosting our status as a competitive nation and a desirable place to invest. Collaborative compliance software (like ours) simplifies the path to achieving and sustaining them.


Support cyber security with targeted grants

So that’s why we think the UK government’s missing a trick with their Help to Grow: Digital grant scheme. And we hope you already know how we think they should improve it.

We believe that collaborative compliance software is the best way of managing information security and data privacy. So we think that the government should establish a grant scheme that helps UK organisations:

  • Invest in infosec and privacy-focussed collaborative compliance software
  • Achieve and build on security-related standards like ISO 27001

That gives them a simplified, secure, sustainable way of achieving a competitive advantage both at home and abroad. It’ll boost productivity, driving growth and increasing the Government’s tax take. And it’ll make us all safer along the way.
