You might have heard that it’s something your business needs, but what is Cyber Essentials?
Cyber Essentials is a government-backed scheme designed to help SMEs protect themselves and stay productive in a world of increasing cyber threats. And with 50% of UK businesses becoming victims of cybercrime in 2024 so far, many consider it a requirement rather than a consideration.
Why is Cyber Essentials important?
The sad truth is that every business, no matter how small, could become a target of a cyber-attack. And growing supply chains and reliance on technology services can add to your vulnerability.
Cyber Essentials is a low-effort way for any SME to go from 0% to 98.5% protection against the most common cyber threats. In as little as 24 hours, you can receive Cyber Essentials certification.
For some businesses, Cyber Essentials is mandatory. If you want to secure government or MOD contracts, it’s essential.
PwC revealed that 85% of consumers “wish there were more companies they could trust with their data.” And in the B2B space, revenue in the cybersecurity market is projected to reach US$185.70bn in 2024. So, you can bet that business buyers will look hard at their potential vendors and suppliers, too.
And while Cyber Essentials isn’t a panacea for all cyber threats, it provides a valuable set of controls that deliver cost-effective cybersecurity for any business. With this foundation and protection from over 98% of common cyber threats, you can grow your business with confidence.
What’s preventing businesses from getting Cyber Essentials?
Only 31% of UK businesses undertook a cyber risk assessment in 2024. Those who haven’t often believe that:
- It won't happen to them. Many businesses feel as though they fall under the radar and that data breaches are out of the question.
- Their business is too small. Some SMEs feel their business is too small and that they don't need to assess risk because their processes don't need improving.
- They don’t have enough budget. SMEs who don't understand the value of Cyber Essentials often feel the cost of a cybersecurity certification outweighs the benefits.
Sadly, any business can fall victim to a cyber-attack, so you can't put a price on cybersecurity. Cyber-attacks cost UK businesses £10,830, on average.
Who runs Cyber Essentials?
Cyber Essentials is the brainchild of the National Cyber Security Centre (NCSC). Founded in 2016, the NCSC combines expertise from CESG (the information assurance arm of GCHQ), the Centre for Cyber Assessment, CERT-UK, and the Centre for Protection of National Infrastructure.
What areas does Cyber Essentials cover?
Cyber Essentials covers five key areas of cybersecurity across your IT infrastructure, including common outliers, like thin clients, BYOD, and home working devices. The NCSC updates the certification regularly, as modern technology becomes commonplace, to keep pace with today’s working world.
- Firewalls. The boundary defences of your networks
- Secure configuration. Security measures for building or installing devices
- User access control. Managing user access and admin rights
- Malware protection. Protection from malicious software
- Patch management. Making sure all systems are updated correctly
How it works
Cyber Essentials is straightforward. All you have to do is complete a self-assessment questionnaire and submit it via an online portal. The assessment questionnaire is around 30 pages and is broken up into eight sections. It includes questions like:
A4.7. Have you configured your boundary firewalls so that they block all other services from being advertised on the internet? By default, most firewalls block all services from inside the network from being accessed from the internet, but you need to check your firewall settings.
On average, we’ve found that it takes small businesses around two weeks to complete an assessment. When you submit your assessment, the certification body reviews and grades your application. They have a ‘pass/fail’ system, so once you’ve passed, you’re good to go.
The five Cyber Essentials controls
Firewalls
Firewalls are your boundary defences. They prevent unrestricted access to and from private networks. Set up correctly, boundary firewalls and internet gateways let you control your system and who can access it. And it's easy to adjust your firewall as required.
Secure configuration
Secure configuration involves configuring computer systems, networks, or software applications to minimise potential security risks, which is essential when managing your servers. Configuring computers and network devices is necessary to keep vulnerabilities at bay, and will help to prevent unauthorised activity. With this in place, you can rest assured that each device you build or install will only provide the minimum data and information.
User access control
Get complete oversight when managing user access and admin rights. It’s easy to give multiple users administrator access for convenience, but it’s crucial to restrict it to prevent hackers from obtaining your information and data.
Malware protection
Protect your business from malicious software with antivirus support. Malicious software can wreak havoc by corrupting crucial files and stealing confidential data. Not only that, but it could potentially block access to your files and hold them for ransom.
Securing your business against a wide variety of malware is essential to protect your privacy, devices, and reputation.
Patch management
Update your software as soon as new patches become available. Patch management is critical to prevent hackers from exploiting known weaknesses, and updating software and operating systems can fix vulnerabilities before they become a serious issue.