What is Cyber Essentials?
Cyber Essentials is a Government-backed and industry-supported scheme that helps businesses protect themselves against the growing threat of cyber attacks. Providing a clear statement of the basic controls organisations should have in place to protect themselves.
It is the UK Government’s answer to a safer Internet space for organisations of all sizes, across all sectors. Developed and operated by the National Cyber Security Centre (NCSC), Cyber Essentials is considered the best first step to a more secure network. In effect protecting you from 80% of the most basic cyber security breaches.
Achieving Cyber Essentials certification also enables organisations to showcase their credentials as trustworthy and secure when it comes to cyber security.
The certification defines a focused set of controls which provide clear guidance on basic cyber security for organisations of all sizes and offers a sound foundation of cyber security measures that all types of organisations can implement at a low cost.
- Cyber Essentials is a foundation level certification designed to provide a statement of the basic controls your organisation should have in place to mitigate the risk from common cyber threats.
- Cyber Essentials Plus is the highest level of certification offered under the Cyber Essentials scheme. It is a more rigorous test of your organisation’s security systems where our cyber security experts carry out vulnerability tests to make sure that your organisation is protected against basic hacking and phishing attacks.
What’s the difference between Cyber Essentials and Cyber Essentials Plus?
The basic Cyber Essentials package provides a self-assurance certification route for those who don’t require an independent audited assessment.
Cyber Essentials Plus offers extensive support throughout the Cyber Essentials preparation process. On top of the Cyber Essentials certification – valid for 12 months – and the branding for promotional use, your organisation will receive dedicated support, an independent assessment of your company systems and our professional service team to assist you each step of the way.
Why become Cyber Essentials Certified?
Cyber Essentials certification indicates that your organisation takes a proactive stance against malicious cyber attacks. In addition, it offers a mechanism to demonstrate to customers, investors, insurers and others that you have taken the minimum yet essential precautions to protect your organisation against cyber threats.
The National Cyber Security Centre states that undertaking the Cyber Essentials certification process and implementing even one of the five controls required by Cyber Essentials can protect businesses from around 80% of attacks.
Additional benefits of the certification include:
- Reassure customers that you are working to secure your IT against cyber attack
- Attract new business with the promise you have cyber security measures in place
- You have a clear picture of your organisation’s cyber security level
- Some Government contracts require Cyber Essentials certification
Cyber hackers are becoming more intelligent and have adapted to many counter-hacking measures. The Cyber Security Breaches Survey 2020 reports that the nature of cyber attacks has changed over the years. Since 2017 the number of businesses experiencing phishing attacks has jumped from 72% to 86%, although there has been a drop in businesses experiencing viruses or other malware attacks, from 33% to 16%. There has never been a better time to become Cyber Essentials certified.
Frequently Asked Questions about Cyber Essentials
You need to complete the online Cyber Essentials assessment as part of the Cyber Essentials Plus certification, and this must be completed prior to the Cyber Essentials Plus audit. Alternatively, you can complete your Cyber Essentials Plus audit within 3 months of your last Cyber Essentials certification.
SMG Business Solutions always do their best to get the Cyber Essentials assessment results back to organisations as quickly as possible. It usually take us 1 – 3 working days from the time you submit your assessment. If you have a tight deadline please let us know and we can try to fast-track assessments.
Some Government contracts may require you to be Cyber Essentials certified or to be able to demonstrate that the technical controls are in place. In the first instance please confirm with the Government department their expectations with regards to Cyber Essentials. Requirements and exemptions may vary between department, so it is important that you are able to seek clarification for each contract.
Let's talk about Cyber Essentials
Got a question? Let us know and we'll be straight in contact with you.