UKC3 has welcomed an announcement from the Good Business Charter that it is to build cyber security into its framework for responsible business behaviour.
The Good Business Charter (GBC) has been working with the Department for Science, Innovation and Technology (DSIT), and business accreditation bodies in order to make cyber security a formal part of best practice standards for its members.
It this week announced that it has added specific reference to cyber security within its accreditation framework. The new requirement sits within the accreditation’s eighth of 10 components of the framework, Commitment to Customers, and recognises the importance of protecting personal data of all stakeholders, including employees and suppliers.
The move comes soon after Ministers wrote to UK business leaders, encouraging them to take action to build their cyber resilience. As awareness of cyber risks grows and attacks become more sophisticated, it is essential business owners recognise that protecting stakeholders’ data is as essential as protecting their products, reputation, or finances.
UKC3 Director and Ecosystem Development Lead, Ben Shorrock, welcomed GBC’s decision, adding: “Improving cyber security skills is key for small businesses and the GBC making it a universal business standard marks another step forward.
“The benefit is clear: protecting data is no longer just a technical consideration – it’s central to building trust with customers, partners, and the wider supply chain. This is why the UKC3 network champions the sharing of best practice, through both seeding and nurturing new clusters, and acting as a national voice for established clusters’ excellence in cybersecurity.”
The updated GBC standard puts protection of personal data front and centre – not just for customers, but also for employees, suppliers, and anyone else connected to the member’s business.
The new requirement will be phased in over coming months. Current accredited organisations coming up for renewal within the next six months will have a grace period to update their practices in line with the new standards. However, new applicants seeking Good Business Charter accreditation must commit to these cyber security measures immediately.
Member businesses are also being encouraged to access the free resources that the government has to help businesses, including Cyber Essentials and the Cyber Governance Code of Practice.
The CEO of the Good Business Charter, Jenny Herrera, said: “The specific reference to cyber security adds strength to the accreditation – it was always implied within components that set out an organisation’s commitment to their customers and to their other stakeholders, but in spelling out the need to develop a positive cyber security culture we ensure the Good Business Charter remains relevant and comprehensive.”
Cyber Security Minister, Liz Lloyd, said: “Every firm now runs on digital systems, from payroll and payment readers to logistics. That dependence brings everyday exposure to cyber threats, and when those systems are hit, business stops.
“Making cyber security part of the Good Business Charter is a welcome move and demonstrates the importance of managing cyber risk – which is a key element of responsible business behaviour.”
The GBC was developed by entrepreneur, Julian Richer, in collaboration with the Confederation of British Industry (CBI) and the Trades Union Congress (TUC) and is the responsible business benchmark for more than 1,000 organisations of all sizes. The ten components of its framework cover care for employees, suppliers, customers and the planet, as well as paying a fair share of UK tax.
