What is Cyber Essentials and why should you get it?

Cybercrime is on the rise and within five years is expected to cost the global economy a staggering $8 trillion. Implementing an effective cybersecurity strategy is now vital to any business if it is to operate safely online.

With data breaches and cyber attacks making headlines on a near daily basis, organisations of all sizes need to take action.

Security breaches of any size can result in financial loss, threaten an organisation’s reputation, erode customer loyalties, attract negative press or threaten large deals and acquisitions.

What is the Cyber Essentials scheme?

To tackle the rising cyber threat, the UK government devised Cyber Essentials, a scheme designed to help organisations guard against the most common cyber threats. Being Cyber Essentials certified gives a business a competitive edge and reassures its customers that it takes cybersecurity seriously.

Cyber Essentials focuses on five technical controls. These are:

  • Firewalls - Ensure that only safe and necessary network services can be accessed from the Internet.
  • Secure configuration - Ensure that systems are configured in the most secure way for the needs of the organisation.
  • User access control - Ensure that only those who should have access to systems have it, and at the appropriate level.
  • Malware protection - Restrict execution of known malware and untrusted software, to prevent harmful code from causing damage or accessing sensitive data.
  • Patch management - Ensure that devices and software are not vulnerable to known security issues for which fixes are available.

Basic Cyber Essentials certification is acquired via a self-assessment questionnaire, which is then validated by an external certification body (like XQ Cyber). This basic level is a good starting point, but because it is a self-assessment, an organisation should not assume that Cyber Essentials certification results in a direct improvement to security.

An external certification body has no way of knowing whether the person who filled in the self-assessment form was 100% accurate or even sufficiently knowledgeable to carry out the assessment, meaning that their organisation might in reality not be as secure as they had indicated.

What is Cyber Essentials Plus?

Cyber Essentials Plus addresses the same objectives as basic Cyber Essentials. However, it also requires an independent assessment of your security controls to verify that they are in place, making the certification harder to achieve but also more rigorous.

Cyber Essentials Plus is a much more highly regarded certification than basic Cyber Essentials due to its requirement for independent assessment of an organisation’s security mechanisms.

If you need to demonstrate that your business takes cybersecurity, and the protection of your customers’ personal data, seriously, then Cyber Essentials Plus is the better option. If your organisation regularly handles sensitive data, then Cyber Essentials Plus certification is the more appropriate option.

How CyberScore™ can help with certification

With CyberScore™ you can automatically assess your cybersecurity and discover how you stack up against the Cyber Essentials scheme.

For more information on how CyberScore™ can help you get Cyber Essentials certification, get in touch!
