At Nine23, we are dedicated to building solutions that prioritise security from inception to disposal. Recently, our CEO, Stuart McKean, had the privilege of chairing the TechUK Cyber Security SME Forum on the Secure by Design Principles, hosted by Fotini Tsekmezoglou from the Cabinet Office’s Central Digital & Data Office (CDDO). This forum was crucial in highlighting what Secure by Design means for SME members like Nine23, who are part of the UK Public Sector supply chain, and how it aligns with our ongoing commitment to secure digital delivery.
Why Secure by Design Matters
The Secure by Design Mandate has become a cornerstone of ensuring robust cyber resilience across government organisations and their entire supply chains. It represents a shift from reactive measures to proactive integration of cyber security practices throughout the entire digital delivery lifecycle. This approach is not only critical for government departments themselves but also for all the suppliers—large or small—who are involved in delivering services to these organisations. From SMEs to large contractors, everyone within the supply chain is responsible for ensuring that security measures are integrated at every stage.
Outcome 9 of the Government Cyber Security Strategy
“…ensure that appropriate and proportionate cyber security measures are embedded within the technology government uses, and that the security of digital services is continually assured throughout their lifecycle.”
Commitment 11 of the Roadmap for digital and data, 2022 to 2025
“All new services shall comply with the common approach to Secure by Design”
The Importance for SMEs and the Wider Supply Chain
Small and medium-sized enterprises (SMEs) play a vital role in driving innovation and growth within the UK economy. The government is committed to maximising spend with SMEs through supporting start-ups and small businesses. Therefore, the Secure by Design approach is particularly crucial for SMEs who play a critical role in government supply chains.
However, the importance of Secure by Design extends beyond SMEs to all suppliers within the chain. As supply chains become increasingly complex and interconnected, the weakest link could create vulnerabilities for the entire system. A breach in one supplier’s system can lead to wider consequences across the whole supply chain, affecting government services and critical infrastructure. By embedding Secure by Design principles across all levels of the supply chain, we ensure a consistent and robust approach to security that benefits the entire ecosystem.
Secure by Design:
- Improves cyber resilience across government organisations by embedding security in every phase of digital projects.
- Incorporates cyber security practices throughout the digital delivery lifecycle, ensuring that security isn’t an afterthought but a guiding principle.
- Highlights cyber security risks as business risks, making security a shared responsibility across all teams and leadership.
The Benefits of Secure by Design
By adopting Secure by Design principles, organisations—whether directly involved or part of the supply chain—can foster a collaborative and resilient digital ecosystem. Here are some of the key benefits discussed at the forum:
- Increased Collaboration
Secure by Design encourages closer integration between security and delivery teams, breaking down silos to ensure seamless security implementation.
- A Positive Security Culture
It helps create a culture where non-security teams are empowered and upskilled, making security practices second nature to everyone involved.
- Proportionate Security Controls
The focus is on using security controls that are appropriate for the context, rather than applying one-size-fits-all solutions, ensuring both efficiency and effectiveness.
- Continuous Security Focus
Rather than relying on point-in-time assurances, Secure by Design shifts the focus to continuous security throughout the lifecycle of digital services, ensuring that security evolves with emerging threats.
- Cyber Assurance Framework Outcomes
Adhering to these principles helps organisations achieve the outcomes defined by the Cyber Assurance Framework, ensuring that services are not only secure but also compliant with evolving standards.
Moving Forward with Secure by Design
At Nine23, we have always championed security as a fundamental part of our solutions. Our involvement in the TechUK SME Forum, chaired by Nine23 CEO Stuart McKean, is a testament to our commitment to the Secure by Design mandate. We believe that embedding security at the core of digital delivery not only protects organisations but also builds trust and enhances the overall resilience of the public sector, government supply chains, and critical national infrastructure (CNI).
As we continue to lead discussions around Secure by Design, we look forward to helping our clients, partners, and their entire supply chains integrate these principles into their operations. Ensuring that security is not just a checkpoint but a continuous practice is key to protecting the broader ecosystem from emerging threats.
Up next… in our Secure by Design campaign, we’ll be diving deeper into the Secure by Design approach. In the coming weeks, we’ll be sharing a series of thought leadership blogs, each focusing on one of the key principles, offering insights and practical guidance on how to integrate these into your organisation’s digital delivery processes. Stay tuned for expert perspectives on improving cyber resilience, fostering collaboration, and embedding security as a core business practice.
Read Now: Principle 1. Create Responsibility for Cyber Security Risk