What is Cyber Essentials?

Cyber Essentials is a Government-backed and industry-supported scheme that helps businesses protect themselves against the growing threat of cyber attacks.

The certification defines a focused set of controls which provide clear guidance basic cyber security for organisations of all sizes, and offers a sound foundation of cyber security measures that all types of organisations can implement at a low cost.

Cyber Essentials is a self assessment accreditation where business can assess their current cyber security against five key areas. Cyber Essentials is made up of two elements a self certification process and an online vulnerability test

Being Cyber Essentials certified is mandatory for all organisations bidding for all central government contracts, including with the MOD, that deal with the handling of personal information and the provision of certain ICT products and services. Therefore, if you’re looking to bid for these contracts, you must hold a Cyber Essentials certification.

Why become Cyber Essentials certified?

Cyber Essentials certification indicates that your organisation takes a proactive stance against malicious cyber attacks. In addition, it offers a mechanism to demonstrate to customers, investors, insurers and others that you have taken the minimum yet essential precautions to protect your organisation against cyber threats. The National Cyber Security Centre states that undertaking the Cyber Essentials certification process and implementing even one of the five controls required by Cyber Essentials can protect businesses from around 80% of attacks.

The Cyber Security Breaches Survey 2017*  indicated that over 47% of UK business suffered a cyber attack in the past 12 months, so it’s extremely important that your organisation has the necessary precautions in place to protect itself when – rather than if – it is attacked.

Other benefits of the Cyber Essentials certification include:

  • Giving your organisation a competitive advantage over rivals who do not have the accreditation
  • Gaining an expert oversight of your cyber security controls
  • Safeguarding commercially sensitive data

* The Cyber Security Breaches Survey 2017 is a Gov.uk report and is available here

 

 

 

Why is Cyber Essentials important for SME's?

Whether you are a large or small business, the risks of not being cyber secure are constantly increasing. A successful cyber attack poses a real threat to any business’s day-to-day operations.

According to the Cyber Security Breaches Survey 2017*, the average cost of a cyber attack to an SME is around £1,380. This is over four times the cost of applying for and becoming Cyber Essentials certified.


*Full Cyber Breaches 2017 report is a Gov.uk report and available here

What do the experts say about Cyber Essentials?

“No matter how big the business, no organisation is too small to be a target for cybercriminals. For many large enterprises, with the IT and security support in house, taking a comprehensive and strategic approach to cyber security is often high on the priority list. For SMEs, knowing where to start is often one of the greatest challenges. For others, who don’t have substantial budgets for enterprise security products, there’s a lack of understanding of how valuable just introducing the basics is.

“The Government’s Cyber Essentials scheme has helped many UK SMEs make huge strides in their cyber defences. Achieving this basic level of cyber security is claimed to prevent up to 80 per cent of cyber attacks, to which organisations would otherwise be vulnerable. The scheme represents a brilliant resource for SMEs which want to take their first steps into better cyber hygiene, and ensure that they’re putting their efforts and budget into the most effective defences.” – Gordon Morrison, Director of Government Relations, McAfee

 

Gordon Morrison, Director of Government Relations, McAfeeGordon Morrison, Director of Government Relations, McAfee

“Cyber Essentials provides the foundation for good cyber security. It demonstrates that an organisation is doing the simple things well and means they are likely to be able to prevent a lot of attacks being successful. It is also the basis for the Defence-specific Cyber Security Model.” – Daniel Selman, Deputy Head of Cyber Security, MOD