Thursday, 2 May 2013

Innovation Vouchers for Cyber Security

The Technology Strategy Board within the UK has recently provided access to funding (up to £5,000) for SMEs, entrepreneurs and early stage start-ups looking to gain assurance around their ‘Cyber Security’.

Funding IT Security and assurance activity can be a real barrier to SMEs. When it is placed against other competing priorities, it often does not win the battle for internal funding. Nevertheless it remains a key enabler to business success. The UK Government stepping in to provide help with funding is a really positive step and a great opportunity for SMEs to overcome the funding barrier.

This blog post takes a look at the funding on offer and more importantly provides clarity around the terms used. This will enable organisations to clearly identify those areas they want to engage with and make best use of this external funding.

First important note:
Closing date for applications is the 24th July 2013 and is for UK based companies.

Second important note:
Don't be put off or confused by the term 'Cyber'. 
We are actually talking about information technology and computers. 
For more background on what 'Cyber' and 'Cyber Security' actually means take a look at my last blog post

Innovation Vouchers for Cyber Security
The Innovation Vouchers can be used to secure specialist services and consulting to help with the following:

  • Businesses looking to protect new inventions and business processes.
  • Businesses looking to ‘cyber audit' their existing processes.
  • Businesses looking to move online and develop a technology strategy.
  • Business start-ups looking to develop an idea into a working prototype and needing to build cyber security into the business from the very beginning.

This offers quite a range of options and many business projects could be aligned to fit and therefore be eligible for funding, But lets take a look at one specific area and see what could be done.

Businesses looking to ‘cyber audit' their existing processes

Lets take 'Cyber' as meaning information technology and an 'Audit' meaning a systematic review or assessment. Then a 'Cyber Audit' in this context is more simply put as an audit of the organisations information security controls. 

Audits can be paper based, with an auditor conducting a review of an existing control, or be delivered as a technical assessment, such as a vulnerability assessment / penetration test.

Audits are great for looking at the policy and processes within an organisation, where as a technical assessment will test that those controls actually deliver the required or expected level of security. The key here is to choose the most appropriate engagement for your own requirements.

Why would conducting an audit be a good step to take?

Today our business environment is more complex and interconnected than ever before. Business environments rely on electronic data as their lifeblood and the systems that enable the storage, transport, access and manipulation of this data have become critical. This has resulted in an era where networks and the applications sitting within them have become the very backbone of every organisation, regardless of their size and market sector. 

An audit or assessment of an organisation’s current approach to security can be used to identify if adequate information security management is in place to protect the level of information asset being hosted, stored, transmitted or processed. 

Just remember to choose a security consultancy that will work in close partnership with you to tailor the solution required and not just sell you a 'Cyber Product'.

A good engagement will leave you with a clear understanding of areas for improvement, the potential impact to you and more importantly what can be done to address these. 

A bad engagement will most likely leave you swimming in a sea of FUD (Fear, Uncertainty and Doubt)  and the frequency of the word 'Cyber' is likely to be proportional to the amount of proprietary solutions that the vendor sells to fix the issues they find. 


Costs can be a significant barrier for SMEs when it comes to security and the use of jargon can get in the way of our understanding of what can be done and why it is important. 

However, even small organisations need to be aware of their exposure to security. So, with the use of funding and approaching it from a knowledgeable position you can drive an engagement that will enable your organisation to gain an understanding of the security risks you carry and how to start addressing them in a risk based manner.

If you are looking to make use of this voucher then more information can be found here.