As a specialist recruiter in the Cyber Security space, I wanted to meet with our Head of IT for the Taranata Group, Conor Bradley. We decided to sit down to talk about the importance of cyber security accreditations for businesses and how our recruitment businesses can help you with the talent needed to achieve them.
Mitesh: Hi Conor, first of all, thanks for sitting down with me about this! I think we both know the importance of a cyber security accreditation for businesses in this day and age, but can you briefly explain what cyber security accreditation is and why it’s important for businesses to consider?
Conor: Of course. Cyber security accreditation is a process that assesses an organisation's security measures and verifies that they meet specific standards. This could be done through third-party audits, certifications, or other forms of accreditation. Cyber security accreditation is important for businesses because it helps to ensure that their data and systems are secure from potential threats, such as cyber-attacks or data breaches.
Mitesh: I see, so what are the common accreditations you see in the UK?
Conor: Cyber Essentials basic is probably the most common, with a smaller number of businesses using either Cyber Essentials Plus or ISO27001.
Mitesh: Well, we’ve achieved Cyber Essentials basic, then went on to Cyber Essentials Plus at the Taranata Group. Can you say a little about the differences between the available accreditations?
Conor: Sure – Cyber Essentials basic (CE) is commonly the first accreditation businesses will go for as it's relatively quick and easy, only requiring businesses to complete a self-assessment which asks the business if they meet a list of cyber security best practices. After that, many businesses will go on to the Cyber Essentials Plus (CE+) or ISO27001 levels, which require a third party to carry out a hands-on technical verification.
Mitesh: I see, so why should businesses be considering cyber security accreditation?
Conor: There’s a variety of internally and externally driven reasons businesses should be looking at this area. Internally, I feel that businesses should make it a point of pride that they follow industry best practice in their efforts to secure their data and systems. Aside from that, the financial impact of a data breach today in terms of potential regulatory body fines, cost to restore and business loss from reputational damage are all reasons why it makes sense for businesses to invest and plan in this area. Externally, I'm sure you're seeing more and more companies require some kind of accreditation from their partners, with CE+ now becoming a requirement for companies bidding for most government contracts involving provision of services involving personal data. Cyber Insurance providers are also frequently requiring businesses to achieve CE+/ISO27001 accreditation as a pre-requisite for cover.
Mitesh: What types of businesses would benefit most from cyber security accreditation?
Conor: To be honest, all businesses benefit from cyber security accreditation, regardless of their size or industry. I know you're currently placing a lot of highly experienced candidates with certifications like CISSP (Certified Information Systems Security Professional) or experience in roles like Security Architect, into large regulated areas like the financial and legal sectors but there’s demand from across the board including SMEs. The pandemic was a huge driver in this area as workforces moved to a much more remote working posture and IT teams were to deliver that in a secure way.
Mitesh: Thanks Conor, I hope this conversation clears up some questions for those looking into fortifying their cyber security!
Conor: Of course, and if they need to know more, they can always give us a call!