Launched by the National Cyber Security Centre in June 2014, the Cyber Essentials programme is 10 years old this month in June 2024.
As an IT consultancy which helps businesses achieve this accreditation, we think it has been a fantastic initiative for UK companies and charities and look forward to the next ten years. Year by year it is developing, reaching new milestones as awareness grows.
What is Cyber Essentials?
Actually, awareness is key to Cyber Essentials success, as the more businesses who know of what it can deliver, the more who can benefit. So let’s outline what it is here.
Cyber Essentials is a two tier accreditation designed by the National Cyber Security Centre as a framework for businesses to follow good cyber security practice.
Cyber Essentials – This is the entry level accreditation that is suitable for most businesses. It is a self-assessment process that puts in place five basic protections that will defend you against most cyber attacks (prevent you from being the low-hanging fruit that criminals like to target).
Cyber Essentials Plus – This is the more advanced accreditation which requires an independent, hands-on technical verification of your systems. You still follow the same five protections, but the accreditation delivers a higher assurance to your customers and other stakeholders as it has been signed-off by an expert third party.
What are the benefits of getting this certification?
It is sad but true, but in this day and age SMEs are a prime target for cyber criminals. You only tend to hear about the larger organisations who suffer major attacks, such as the NHS or BBC. But the problem is far more pervasive than that.
In fact, according to a UK government report in 2023 it is estimated that across all UK businesses, there were approximately 2.39 million instances of cybercrime and approximately 49,000 instances of fraud as a result of cybercrime in the previous 12 months. Across charities, there were approximately 785,000 cybercrimes over this period.
The protection that being Cyber Essentials certified provides against being one of these statistics is the primary benefit to you. By being guided through implementing five key defences you massively reduce your chances of being a victim. But the benefits do not stop there…
You can display the Cyber Essentials logo, showcasing your accreditation to demonstrate your professionalism to customers. In a competitive market, this may be one of the signals you send out that wins you new work or retains existing customers. Additionally, some government supply chains require Cyber Essentials, so by not having it you may be missing out on business entirely.
The good practices instilled may also bring softer benefits like more smooth-running operations as your computer systems are operated to a higher standard.
Following Cyber Essentials may help you meet the terms of any cyber insurance you have in place, reducing the risk of your policy being voided. And, of course, doing things right gives you that priceless peace of mind that we all seek.
How many businesses are Cyber Essentials certified after 10 years?
Despite the inroads that Cyber Essentials has made, there is still much more work to do to get the UK’s businesses and charities up to standard. It is reported that about 2-3% have the accreditation to date – great for them but still much more work to do. The sign up numbers are accelerating year on year.
Interestingly, among larger businesses, the figure is more like 30% showing how seriously they take it (and others will have alternative accreditations like ISO 27001 instead). Cost shouldn’t be much of a hurdle though as for SMEs it is a very small outlay.
How can I get started with Cyber Essentials?
We are specialists in helping SMEs and charities gain the Cyber Essentials or Cyber Essentials Plus accreditation. Get in touch with us to find out more about how we can help you.