Maude: Security is an issue for the boardroom, not just IT

Cabinet Office minister urges businesses to ensure every employee is responsible for security

Francis Maude has urged business leaders to shoulder the burden of IT security and not leave it to the IT department.

In a speech at the Payments Council Cyber Security Conference, the Cabinet Office minister said keeping businesses safe from cyber criminals is the responsibility of everyone, from the chief executive to the most junior of staff.

"Responsibility for good cyber security is shared at every level," he said. "There is an onus on the most junior employee to protect his or her passwords, just as there's an onus on the chief executive and the non-executive directors to ensure cyber security is taken seriously in board meetings. So if they haven't already done so, then companies need to have a plan in place to protect themselves, with tried and tested contingencies.

"And cyber security must not just be an issue for the IT department – it's an issue for the boardroom too."

He talked up a government accreditation which he described as "the cyber security equivalent of the MOT certificate". The Cyber Essentials (CE) scheme, which was rolled out for the first time in the summer, allows businesses to undergo a certification process, after which they earn a CE badge to prove their security credentials.

From this month onwards, suppliers bidding for contracts which contain certain personal or sensitive information must be CE certified. Maude said the move was made "because we want good cyber practice to cascade down our supply chain".