Cyber Essentials is a UK government-backed scheme that was created in 2014. A Cyber Essentials certification brings many benefits to an organisation, including protection against 80% of the most common cyber-attacks, increased credibility and reputation, new business opportunities and free cyber insurance cover. The scheme is designed for all organisations, as cyber-attacks can impact businesses of all sizes, industries, and sectors.
In this guide we’ll look at the areas of your business that Cyber Essentials can benefit, some recent statistics on cyber-attack vulnerability and the costs of becoming Cyber Essentials certified.
Surprisingly, cyber-attacks are usually carried out by an individual in an attempt to breach the information system of another organisation through 5 main methods. The 5 controls within the Cyber Essentials scheme are designed to prevent cyber-attacks and guard your internet connection, devices, data and services.
Many organisations do not consider falling victim to cyber-attacks a likely scenario, so fail to have the basic controls in place. The Cyber Security Breaches Survey 2019 showed that 32% of businesses and 22% of charities experienced cyber-attacks in the last 12 months. Businesses falling victim to an attack have decreased by 10% since 2017. This is due to increased defences against cyber-attacks, like the controls in the scheme.
The benefits of Cyber Essentials
1. Protects your organisation from 80% of common cyber threats – The 5 technical controls within the scheme, when implemented, help protect your organisation from 80% of common cyber-attacks and tighten security. The 5 controls are firewalls, secure configuration, control user access, anti-malware and phishing.
2. Increased credibility and reputation – Achieving Cyber Essentials certification shows your commitment to protecting your own data and that of your customers and clients. The certification increases the reputation of your business and shows your organisation is taking preventative actions to reduce the threat from cyber-attacks.
3. Win government contracts and open business opportunities – If your organisation is looking to bid for government contracts you will need to be Cyber Essentials certified. New business opportunities are opened as it demonstrates to business partners and new clients that you are working in a safe and secure digital environment.
4. Eligible for free cyber insurance cover – Showing that your organisation is compliant with the scheme means that you could be eligible for free cyber insurance cover, saving you up to £25,000.
What's the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials PLUS has the same requirements as Cyber Essentials: organisations must still implement the 5 security controls. Cyber Essentials is a self-assessment and provides a basic level of assurance that the controls have been implemented correctly by the organisation. The critical difference is that Cyber Essentials PLUS requires an on-site security vulnerability assessment by one of our experienced consultants; this will be a 1-day visit to your company’s headquarters. The testing covers all Internet gateways, all servers providing services directly to unauthenticated Internet-based users and a representative sample of devices that can connect to the Internet. This is to verify that the 5 security controls are in place and are sufficient to protect your organisation against cyber threats.
Cyber Essentials PLUS provides your organisation with a better understanding of its cyber risk level due to the on-site vulnerability scan. Cyber insurance agencies look more favourably on the certification at PLUS level as opposed to the basic self-assessment.
Organisations will need to re-certify each year to maintain compliance with the scheme.
How much does Cyber Essentials cost?
The standard Cyber Essentials self-assessment costs £310.00. The Cyber Essentials assisted self-assessment costs £995.00, which includes a face-to-face or video conference call with one of our consultants who will highlight the gaps you need to address to be compliant with the scheme. Our consultants will also guide you through the process and support your organisation in answering all self-assessment questions.
The Cyber Essentials PLUS certification costs £1895.00, which includes the self-assessment, on-site vulnerability scan, a report highlighting major non-compliances along with a full assessment report. Cyber Essentials PLUS includes an on-site vulnerability assessment and authenticated configuration and patch level assessments of a sample of servers and the end-user computing environment. Cyber Essentials PLUS allows organisations to bid for advanced government contracts.
How can my organisation become Cyber Essentials certified?
CS Risk Management is an accredited certification body for Cyber Essentials. The Cyber Essentials certification is a self-assessment questionnaire and is reviewed by one of our cybersecurity consultants once it has been completed. Firstly, you will need to complete the purchase of the Cyber Essentials or Cyber Essentials PLUS certification from our online shop.
One of our consultants will send you a portal link along with the login credentials. You will then be able to use the portal to complete the self-assessment online and our consultants will be notified as soon as you submit your completed questionnaire. Our cyber security professionals can help to guide you through the process and provide you with expert advice if necessary. If you have purchased Cyber Essentials PLUS, one of our expert cyber security consultants will be in touch with you to arrange the on-site vulnerability scan after you have submitted your self-assessment questionnaire.
If you are interested in becoming Cyber Essentials or Cyber Essentials PLUS certified or would like additional information, please get in touch with our consultants at 0203 728 6555 or firstname.lastname@example.org