Nearly two thirds of UK businesses have assigned high priority to cyber security, but only two fifths have implemented the set of minimum security controls suggested by the Cyber Essentials scheme, according to the government’s Cyber Security Breaches Survey 2016.
A lack of awareness could explain why UK companies are resistant to adopting this security framework, which can help prevent around 80% of Internet-based threats. Below, you can find 6 reasons your company should consider Cyber Essentials or Cyber Essentials Plus certification.
1. Drive business efficiency
The amount of time, money and resources that companies spend fixing/sorting out bits and pieces without a coherent and consistent plan can be better invested in other business areas. Implementing the five security controls gives you a broad and consistent view of your company’s security defences, leaving room to focus on growing your business. Read more about this point in the free guide >>
2. Enhance business reputation and competitiveness
Cyber attacks have a huge impact on brand awareness and reputation. According to a report published by KPMG, 58% of UK consumers would be willing to stop doing business with a breached organisation. By being Cyber Essentials certified, your company will not only improve its chances of avoiding data breaches, it will also receive the Cyber Essentials badge to show its compliance with the scheme and thus demonstrate to customers, suppliers, insurers and third parties that precautions against cyber risk have been taken.
3. Secure the supply chain
It’s not just consumers who are concerned: businesses seek assurance that suppliers are cyber secure. According to the aforementioned KPMG report, 86% of procurement managers are willing to remove an organisation from their supply chain because of a breach. By requiring all companies bidding for contracts that involve the handling of sensitive information to be Cyber Essentials certified, the UK Government has set a good example to UK companies, highlighting the importance of a secure supply chain for ongoing business.
4. Reduce insurance premiums
According to The Role of Insurance in Managing and Mitigating the Risk report, “Cyber Essentials would provide a valuable signal of reduced risk when underwriting cyber insurance for SMEs, allowing them to use a reduced question set and informing their decisions to underwrite”. Consequently, SMEs will find their applications for cyber insurance simplified, often resulting in reduced premiums.
5. Proof of efficacy
According to internal research looking at IT Governance’s Cyber Essentials-certified clients, 95% haven’t had a data breach (that they know of) since they achieved certification to the scheme. Although we cannot 100% guarantee that this outstanding result is due to the certification, the correlation between the two is strong.
6. Third-party independent verification
CREST-accredited certification bodies like IT Governance conduct an external (and internal if you choose Cyber Essentials Plus) scan in addition to the self-assessment questionnaire compiled by each company in order to provide an additional level of assurance.
Follow the example of the 2,000 UK organisations that have already become Cyber Essentials certified. Contribute to making the UK a cyber secure marketplace.