What is Cyber Essentials?
Cyber Essentials (CE) is a government-backed cyber security certification scheme that sets out a baseline of cyber security suitable for all organisations. The scheme’s five security controls can prevent “around 80% of cyber attacks”.
The Cyber Essentials scheme is a key deliverable of the UK’s National Cyber Security Programme. Because its 10 Steps to Cyber Security were not being implemented effectively, the government instigated a call for evidence on a preferred cyber security standard. In November 2013, it concluded that no individual standard met its specific requirements, so it developed the Cyber Essentials scheme.
Cyber Essentials delivers the absolute basic controls that all organisations should be implementing to mitigate the risk from common Internet-based threats.
The scheme provides a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken essential precautions to secure against the majority of basic cyber risks.
A recent government report, “UK cyber security: the role of insurance in managing and mitigating the risk”, revealed plans to include Cyber Essentials certification in insurers’ risk assessments for SMEs.
Cyber Essentials enables companies to tender for government contracts. View the UK Government’s procurement policy.
The scheme is backed by major industry including BAE Systems, Lockheed Martin, Barclays and Hewlett-Packard. The Information Commissioner has stated that he “supports the Cyber Essentials Scheme and encourages all businesses to be assessed against it”.
The Cyber Essentials scheme is increasingly popular within the private sector; thousands of organisations have adopted the scheme to date. Insurance firms have also recognised that Cyber Essentials certification is a valuable indicator of a mature approach to cyber security and, according to a government report, Cyber Essentials certification can also contribute to the reduction of risk and therefore premiums.
Who should be using the Cyber Essentials scheme?
- Organisations that use Internet-connected systems
- Organisations that use Internet-connected end-user devices such as computers, mobile phones, printers, tablets, servers and laptops
Cyber Essentials helps you:
- focus on your core business objectives, knowing that you're protected from the vast majority of common cyber attacks
- drive business efficiency, save money and improve productivity through the streamlining of processes
- reduce your insurance premiums
- increase your resistance to cyber threats
- demonstrate to clients, insurers, investors and other interested parties that you have taken the precautions necessary to reduce cyber risks
- bid for UK Government contracts that involve the handling of personal and sensitive information.
Cyber Essentials comes in two levels:
- Cyber Essentials
- Cyber Essentials Plus
Why are companies of all sizes choosing to adopt Cyber Essentials?
Ignoring cyber-security is no longer an option. One in ten organisations that suffered a breach in the last year were so badly damaged by the attack that they had to change the manner in which they conduct their business.
Cyber Essentials is designed for businesses of all sizes, and in all sectors.
Failure to adequately protect against cyber-threats and prevent data loss can lead to share price impact, financial penalties and reputational loss.
The new European Union General Data Protection Regulation, which should replace the 1998 Data Protection Act, will require the protection of personal data, with significant quantifiable penalties for data breaches of up to 5 percent of a company's annual global turnover. Implementing Cyber Essentials shows that organisations are taking measured steps to mitigate the risk to personal data from internet-based threats.
Commercial supply chains, outside of those working with public bodies, have begun to realise that it is in their interests to predominantly work with companies that have at least a basic level of cyber-security.
Cyber Essentials supports businesses by encouraging a growing maturity in cyber-security. Once an organisation has been assessed as meeting the requirements of Cyber Essentials, its approach to information risk management becomes integral to its operations and demonstrates leadership in cyber-security. Cyber Essentials offers an indicator demonstrating to customers, investors, insurers and others that the organisation has taken the essential security precautions.
Although cyber-security is a very complex area, achieving Cyber Essentials certification requires only that some basic requirements are satisfied. Cyber Essentials provides a clear statement of the basic controls that all organisations should implement immediately to mitigate the risk from internet-based threats.