Only a few days to go: We’re raising £25,000 to keep TheyWorkForYou running and make sure people across the UK can hold their elected representatives to account.

Donate to our crowdfunder


Department for Culture, Media and Sport written question – answered on 27th February 2017.

Alert me about debates like this

Photo of Andrew Gwynne Andrew Gwynne Shadow Minister without Portfolio (Cabinet Office), Campaigns and Elections Chair

To ask the Secretary of State for Culture, Media and Sport, whether the Cyber Essentials scheme includes requirements to educate staff on the risk of (a) phishing attacks through email and (b) other user induced attacks.

Photo of Matthew Hancock Matthew Hancock Minister of State (Department for Culture, Media and Sport) (Digital Policy)

The Cyber Essentials scheme sets out the basic technical controls which all organisations relying on the internet should have in place to prevent common online attacks. The scheme requires up-to-date malware protection software to be installed on all internet-connected computers: this is designed to detect and disable the malicious software which an organisation might be exposed to via phishing attacks, and prevent users making connections to malicious websites on the internet.

Cyber Essentials is a technical scheme and staff awareness training is therefore out of scope; however other pieces of guidance from the Government do recommend this. For example, the ‘10 Steps to Cyber Security’, the Government’s key piece of advice for organisations on managing cyber risk, sets out the importance of user education and awareness.

The Government offers a range of free online cyber security training programmes at In addition, the National Cyber Security Centre recently published a blog about phishing and user training, which explains that phishing is best tackled by implementing good technical defences and combining these with reasonable levels of user awareness, education and training:

Does this answer the above question?

Yes0 people think so

No0 people think not

Would you like to ask a question like this yourself? Use our Freedom of Information site.