Cyber Essentials is a government-introduced, industry-backed cyber security certification that enables organisations to showcase their credentials as trustworthy and secure when it comes to cyber security.
A full overview of Cyber Essentials is available for free in our scheme summary document.
Cyber Essentials is the minimum certification an organisation needs to implement to bid for new MOD defence contracts which include the transfer of ‘MOD identifiable information’.
The MOD has made this requirement mandatory since January 2016 for suppliers looking to do business in the defence sector.
As the risk level goes up, some additional controls are required that can be evaluated through Cyber Essentials Plus vulnerability tests.
The controls that need to be in place to achieve Cyber Essentials certification protect a business from around 80% of common cyber attacks.
What’s more, certification costs far less than a cyber breach. The Cyber Security Breaches Survey 2017 indicated that a breach costs on average £1,340 per instance.
Certification allows your business/organisation to promote itself as cyber secure up to the Cyber Essentials base level, which can make a real difference when bidding for contracts.
When you receive your Cyber Essentials certificate, you will also receive the relevant Cyber Essentials branding to use on collateral such as tender bids for one of the many defence contracts available through DCI.
*Cyber Essentials is mandated by the MOD in order to bid for MOD tenders. Without this certification, suppliers are less likely to win defence procurement opportunities through the MOD.
The complete Cyber Essentials scheme is made up of two progressive stages – Cyber Essentials and Cyber Essentials Plus.
Cyber Essentials is the first stage and is a foundation level certification that provides a clear statement of the basic controls your organisation should have in place to mitigate the risk from common cyber threats.
Cyber Essentials Plus is the second stage and is a more rigorous test of your organisation’s cyber security systems, in which our cyber security experts carry out on-site vulnerability tests to ensure that your organisation is protected against basic hacking and phishing attacks.
The difference between the two is the on-site vulnerability tests that are carried out for Cyber Essentials Plus certification. All organisations seeking certification must complete the first stage (Cyber Essentials), but some organisations, depending on their structure and the severity of the risks they face, will need to complete Cyber Essentials Plus.
Cyber Essentials Plus is commonly seen as the demonstration of an organisation’s IT maturity. We would recommend Cyber Essentials Plus if your organisation has over 250 members of staff, each with one or more connected devices.