What is Cyber Essentials and how does certification benefit my business?

Posted by John Kennedy on Oct 4, 2019 12:02:58 PM

For the cyber criminal, their actions are deemed a low-risk crime that can deliver a huge potential payoff as they disrupt businesses, steal money, goods, information and sensitive data. 

From experience, cyber-attackers know that smaller organisations are likely to have less money and fewer resources to spend on defending their business from a cyber-attack. The majority of these attacks are automated and indiscriminate, exploiting known vulnerabilities in IT systems and human fallibility.

The commercialisation of cybercrime has made it easy for anyone to obtain the resources they need to launch a cyber-attack. More often than not, hackers, like any criminal, are playing a "numbers game": they are opportunists who know that if they keep on trying, they will eventually gain entry.

The head of Europol says that the growth of cyber-crime is “relentless”. According to a report from the UK’s National Crime Agency (NCA), the average age of those arrested for malicious hacking activities was just 17 years old.

Yet there is a gap that exists between what is clearly an accelerating threat landscape and the limited resources and scope of organisations to be able to defend against cyber-attacks. Virtually every organisation relies on digital services in some way or other, but where there is technology there is risk and the threat of an attack.

Small businesses (SMBs) in the UK are the target of an estimated 65,000 attempted cyber-attacks every day, according to figures from a study from Hiscox, a specialist insurer.

According to Hiscox, almost one in three (30%) UK small businesses suffered a cyber breach last year – equivalent to over 4,500 successful attacks per day or one every 19 seconds.

At the end of the day, cybersecurity is a responsibility that lies with the individual business. In the UK, the Government is addressing the risks of cybersecurity for businesses and organisations with a range of schemes and initiatives; the most useful for SMBs is Cyber Essentials.

What is Cyber Essentials?

Cyber Essentials is a UK Government-backed scheme administered through the National Cyber Security Centre (NCSC) to show organisations how to protect themselves and prevent the most common cyber attacks.

The NCSC claims Cyber Essentials can help eliminate the risk of 80% of cyber attacks. The Government and industry have worked together on this scheme to ensure UK organisations with limited experience of cybersecurity are able to improve their defences.

The Cyber Essentials scheme addresses the most common Internet-based threats to cybersecurity and considers these threats to be:

  • Hacking — exploiting known vulnerabilities
  • Phishing — and other ways of tricking users into installing or executing a malicious application
  • Password guessing — manual or automated attempts to log on from the Internet, by guessing passwords

Cyber Essentials certification offers peace of mind against the majority of common cyber attacks.

The Cyber Essentials scheme is not covered by binding regulation; instead, it offers organisations and businesses a means to demonstrate their commitment towards addressing cybersecurity by achieving an accredited and registered certification standard.

Organisations that need to take their cybersecurity to a higher level can go for Cyber Essentials Plus certification.


The Cyber Essentials scheme brings a number of benefits to companies looking to get certified. Here are five:

1. An internal IT security audit 

Going through the Cyber Essentials certification process will provide some insights into your organisation’s cybersecurity position, providing focus on where you need to bolster your defences and get your team thinking about cybersecurity.

To help you adopt a more robust approach to cybersecurity, don’t forget to:

  • Become more involved in understanding how any personal or valuable data is managed and protected.
  • Assess external vendors in partnership with IT, as third parties in the supply chain are often key sources of vulnerabilities.
  • Communicate externally in a way that makes customers feel safe that you take cybersecurity seriously, without revealing too many details.
  • Know and understand the relevant data governance regulations on how you collect, use and disclose customer data; for example, familiarise yourself with GDPR.

2. Protection against common cyber threats

Common cyber-attacks exploit basic weaknesses in an organisation’s IT infrastructure, such as software that has not been updated or known vulnerabilities that have not been patched. Often, these types of unskilled attacks are simple to defend against with easy-to-follow strategies, and Cyber Essentials is an excellent source of these.

Being fully Cyber Essentials compliant mitigates the risks faced by businesses such as malware infections, social engineering attacks and hacking.

3. Show your customers that you take cybersecurity seriously

Becoming Cyber Essentials certified can help you establish the trust of clients and partners. It shows that you have made a promise to take your cybersecurity responsibilities seriously.

The rise in awareness of the consequences of a cyber-attack has seen an increased demand for evidence that your business takes its responsibilities seriously and invests in protecting data and information.

Once you are certified, you will be able to display a Cyber Essentials certification and be listed on the Directory of organisations awarded Cyber Essentials.


4. A roadmap for addressing GDPR concerns

The GDPR, or General Data Protection Regulation, introduced in 2018, was designed to unify data privacy laws across the EU, giving EU citizens more control over their personal data and prescribing how organisations may use and must protect their subjects’ data.

Under the EU’s new rules, all European citizens have the right to know how their personal data is being used, why it’s being processed, have the right to access and correct it, restrict further processing of it and ask that all their data be erased or passed onto another party.

The introduction of GDPR now means that organisations need to take cybersecurity more seriously than ever, or face heavy fines for a breach if they are found negligent.

As a business, you must know where and what data you have stored and its source, and that you are lawfully complying with the regulations on how to keep and process it. You must also implement appropriate technical and organisational measures to protect personal data, regularly review controls, and detect, investigate and report any data breaches.

5. Cyber Essentials value in the supply chain

Cyber Essentials is an increasingly important certification to achieve for businesses and organisations in the UK. For smaller businesses with little or no IT support or expert resources to hand, it provides a basic introduction towards necessary cybersecurity practices. 

If your business involves certain technical services or handling of sensitive information, then it makes sense to be Cyber Essentials compliant. For SMBs that are looking for a government contract, Cyber Essentials is mandatory to be eligible to bid.

Next steps

Cyber Essentials is just one step of the journey towards securing your organisation against cyber attacks. As an outside provider, Worktools can do initial security assessments and ensure that everything is secure, both locally and through remote access.

We can also help create your cybersecurity plan so you know how to prepare for and, if necessary, respond to an incident.

Take a tour of the Worktools Plans, and contact us to learn more about how we can help take your business to the next level.
