Essential security - Cyber Essentials
What is Cyber Essentials?
The Cyber Essentials scheme is a world-leading, cost-effective assurance mechanism for companies of all sizes to help demonstrate to customers and other stakeholders that the most important cyber security controls have been implemented. The scheme provides five security controls that, according to the UK government, could prevent “around 80% of cyber attacks”.
The Assurance Framework, leading to the award of Cyber Essentials and Cyber Essentials Plus certificates for organisations, has been designed in consultation with SMEs (small and medium-sized enterprises) to be light-touch and achievable at low cost.
Want to know more about the Cyber Essentials Scheme?
For advice and guidance on the scheme or to find out more about the certification solutions we offer, get in touch with one of our experts today.
Speak to an expert
What are the five key security controls?
- Confirm that computers and network devices are properly configured in order to reduce the level of inherent vulnerabilities.
- Confirm that only safe and essential network services can be accessed from the Internet.
- Confirm that user accounts are assigned to authorised individuals only.
- Confirm that devices and software are not vulnerable to known security issues for which fixes are available.
- Restrict the execution of known malware and untrusted software.
Why is Cyber Essentials so important?
According to Ponemon Institute, SMEs lost an average of 10,848 individual records to data breaches between 2017 and 2018. The Zurich SME Risk Index also makes interesting reading. It found that almost one in six SMEs falls victim to a cyber attack within a 12-month period. Of the businesses affected, more than a fifth reported that it cost them more than £10,000, and one in ten said it cost more than £50,000.
On the flip side, robust cyber security is now a genuine criterion for winning and maintaining business contracts. A quarter of medium-sized businesses reported that they have been directly asked by a prospective customer about what cyber security measures they have in place.
There are significant reputational and information security advantages to becoming Cyber Essentials certified.
Your Cyber Essentials certification options
Cyber Essentials includes an SAQ (self-assessment questionnaire) and an external vulnerability scan. The certification process has been designed to be lightweight and easy to follow.
Cyber Essentials is right for you if:
- You’re looking for base-level security certification to demonstrate that you have key controls in place.
- Your employees are primarily office-based and their IT equipment is under your administration and typically does not leave your premises.
- You have physical and technical controls for restricting access for third parties, such as clients and suppliers visiting your offices.
Cyber Essentials Plus certification continues to offer a simple approach to cyber security. The protections you need to have in place are the same, but it includes an additional internal scan and an on-site assessment.
Cyber Essentials Plus is right for you if:
- A client has specifically requested you achieve Cyber Essentials Plus.
- Your employees work from remote locations, such as home or client sites, and your IT equipment is often outside of your premises.
- Your business has multiple third parties with access to your premises or IT as visitors, partners, or in a shared office environment.
Cyber Essentials and best-practice industry adoption
Industries, especially public bodies or those organisations wishing to connect to public networks, are increasingly adopting Cyber Essentials to verify that security controls are in place and functioning properly.
All suppliers bidding for government contracts that involve the handling of sensitive and personal information and provision of certain technical products and services are required to be compliant with the scheme’s controls. For example:
- In healthcare, Cyber Essentials Plus certification satisfies multiple conditions of the DSP (Data Security and Protection) Toolkit, which NHS industry partners have been required to comply with since April 2018. Cyber Essentials Plus can help speed up the connectivity and supply process by fulfilling and prepopulating compliance statements within the DSP Toolkit portal.
- For all MoD (Ministry of Defence) advertised requirements, suppliers are required to have a Cyber Essentials certificate that must be renewed annually. This requirement must be flowed down the supply chain.
Free guide: Cyber Essentials: A guide to the scheme
For further information about the business benefits of achieving certification and to find out how Cyber Essentials can help guard you against cyber threats, download our free Cyber Essentials guide.
- Learn about the five controls and the specific requirements of the scheme.
- Discover what is and is not in scope.
- Learn how to become CREST-certified.
- Find solutions that meet your requirements.
Speak to an expert
Please contact our team for advice and guidance on our Cyber Essentials products and services.