About Cyber Essentials
What is Cyber Essentials?
Cyber Essentials is a Government-backed and industry-supported scheme that helps businesses protect themselves against the growing threat of cyber attacks and provides a clear statement of the basic controls organisations should have in place to protect them.
Gaining Cyber Essentials certification enables organisations to showcase their credentials as trustworthy and secure when it comes to cyber security.
The certification defines a focused set of controls which provide clear guidance on basic cyber security for organisations of all sizes, and offers a sound foundation of cyber security measures that all types of organisations can implement at a low cost.
- Cyber Essentials is the minimum certification an organisation needs to implement in order to bid for new public sector contracts which include the transfer of public sector identifiable information.
- Cyber Essentials Plus is a more rigorous test of your organisation’s cyber security systems where our cyber security experts carry out vulnerability tests to make sure that your organisation is protected against basic hacking and phishing attacks.
Being Cyber Essentials certified is mandatory for all organisations bidding for all central government and MOD contracts that deal with the handling of personal information and the provision of certain ICT products and services. Therefore, if you’re looking to bid for these contracts, you must hold Cyber Essentials certification.
A full overview of Cyber Essentials is available for free in the scheme summary document.
Comply - Protect - Promote
Cyber Essentials provides organisations with clarity on what essential security controls they need to have in place to reduce the risk posed by threats on the internet with low levels of technical capability.
- Comply and win more contracts with UK government*
- Demonstrates control of your business network security
- Protect against 80% of common cyber attacks
- Protects your business from data theft
- Helps drive business efficiency and cost saving
- Promote your commitment to cyber security
* Without this certification, suppliers are less likely to win public sector contracts.
Why become Cyber Essentials certified?
Cyber Essentials certification indicates that your organisation takes a proactive stance against malicious cyber attacks. In addition, it offers a mechanism to demonstrate to customers, investors, insurers and others that you have taken the minimum yet essential precautions to protect your organisation against cyber threats. The National Cyber Security Centre states that undertaking the Cyber Essentials certification process and implementing even one of the five controls required by Cyber Essentials can protect businesses from around 80% of attacks.
The Cyber Security Breaches Survey 2017* indicated that over 46% of UK businesses suffered a cyber attack in the past 12 months, so it’s extremely important that your organisation has the necessary precautions in place to protect itself when – rather than if – it is attacked.
Other benefits of the certification include:
- Giving your organisation a competitive advantage over rivals who do not have the accreditation
- Gaining an expert oversight of your cyber security controls
- Safeguarding commercially sensitive data
Why is Cyber Essentials important for SMEs?
Whether you are a large or small business, the risks of not being cyber secure are constantly increasing. A successful cyber attack poses a real threat to any business’s day-to-day operations.
According to the Cyber Security Breaches Survey 2017*, the average cost of a cyber attack to an SME is around £1,380. This is over four times the cost of applying for and becoming Cyber Essentials certified.
Cyber Essentials in public procurement
The UK public sector market is worth over £200 billion per annum and Cyber Essentials can support your business in its efforts to become a supplier to the public sector.
Essentially the government won’t do business with you unless they know you, and the companies you do business with, are secure from cyber attack.
In a speech at the Institute of Directors in March 2017, Minister of State for Digital and Culture Matt Hancock said: “I mentioned the Government already requires many of its suppliers to hold a Cyber Essentials certificate. We’ll be strengthening this requirement to ensure even more of our contractors take up the scheme.”
Since October 2014 Cyber Essentials has been mandatory for suppliers of Government contracts which involve handling personal information and providing some ICT products and services.
Holding a Cyber Essentials certification enables you to bid for these lucrative contracts.
Who is Cyber Essentials for?
Cyber Essentials is for all organisations, of all sizes, and in all sectors. The Government encourages all organisations to look at the requirements and adopt them. This is not limited to companies in the private sector, but is also applicable to universities, charities, the public sector and not-for-profit organisations.
What do the experts say about Cyber Essentials?
“No matter how big the business, no organisation is too small to be a target for cybercriminals. For many large enterprises, with the IT and security support in house, taking a comprehensive and strategic approach to cyber security is often high on the priority list. For SMEs, knowing where to start is often one of the greatest challenges. For others, who don’t have substantial budgets for enterprise security products, there’s a lack of understanding of how valuable just introducing the basics is.
“The Government’s Cyber Essentials scheme has helped many UK SMEs make huge strides in their cyber defences. Achieving this basic level of cyber security is claimed to prevent up to 80 per cent of cyber attacks, to which organisations would otherwise be vulnerable. The scheme represents a brilliant resource for SMEs which want to take their first steps into better cyber hygiene, and ensure that they’re putting their efforts and budget into the most effective defences.” – Gordon Morrison, Director of Government Relations, McAfee
“Cyber Essentials provides the foundation for good cyber security. It demonstrates that an organisation is doing the simple things well and means they are likely to be able to prevent a lot of attacks being successful. It is also the basis for the Defence-specific Cyber Security Model.” – Daniel Selman, Deputy Head of Cyber Security, MOD
Background to Cyber Essentials
Cyber Essentials is a government-backed, industry-supported scheme to help organisations protect themselves against common cyber attacks. Poor cyber security can damage your reputation and cost you business whereas strong cyber security can boost your reputation and win you more business at home and overseas.
Based on the Cyber Security Breaches Survey 2017*, only one in ten businesses has a cyber security incident management plan in place despite just under half (46%) of all UK businesses identifying at least one cyber security breach or attack in the last 12 months. The report also highlighted that around 13% of UK businesses are attacked daily, with attacks being more prevalent where the core business functionality is not online-focused.
It is also estimated that security breaches will continue to increase in the next year. The survey found 59% of respondents expected to see more security incidents. Businesses need to ensure their defences keep pace with the cyber threat.
*The Cyber Security Breaches Survey 2017 is a Gov.uk report. For more guidance, click here.