Four Reasons Why Your Organisation Needs Cyber Essentials

The UK Government’s Cyber Essentials scheme (CES) is rapidly gaining interest from organisations across the country. The scheme – designed to make Britain the safest place to do business online – has already been implemented by companies likes Barclays, Nexor and Databarracks.

80% of cyber attacks can be prevented by basic cyber security hygiene, which is exactly what Cyber Essentials offers: basic but effective cyber security.

There are five key areas covered by the scheme:

  1. Secure configuration
  2. Boundary firewalls and internet gateways
  3. Access control and administrative privilege management
  4. Patch management
  5. Malware protection

Implementing these five controls in line with the CES will provide an organisation with the following benefits:

Improved security

Thanks to its requirement to conduct external vulnerability assessments and additional internal vulnerability assessments for Cyber Essentials Plus, the scheme enable organisations to verify that their risk controls really work and uncover vulnerabilities they may not necessarily be aware of.

Customer assurance

55% of respondents in the IT Governance Boardroom Cyber Watch Survey 2014 said that their customers had enquired about their information security credentials in the past 12 months. This number is up by 5% from last year’s survey, and I predict it will continue to rise for years to come.

An organisation that has the ability to present cyber security credentials when asked for them will be in a far better position than those that can’t.

Government approval

According to, From 1 October 2014, government will require all suppliers bidding for certain personal and sensitive information handling contracts to be Cyber Essentials certified. This will provide further protections for the information the government handles and will encourage adoption of the new scheme more widely”. Those that are part of the government supply chain are likely to be among the first adopters of the scheme. As with other frameworks, of course, it may not be long before the private sector starts including Cyber Essentials in its procurement criteria.

Avoid costly breaches

The 2013 Information Security Breaches Survey found that the average cost of the worst security breach for small organisations was £35,000 to £65,000 and for large organisations was between £450,000 and £850,000. If your new CES-certified defences stop two or three attacks in its first year, then you’ll be witnessing one of the best investments your organisation has made, or ever will make.

Alan Calder, Founder and executive Chairman of IT Governance was recently interviewed at IT Governance’s Cyber Essentials event in London. You can view the video below:

There is no denying the importance of the Cyber Essentials scheme. If you’re not sure what you need to do next, then speak to IT Governance.