Press release: CyberSmart partners with e92plus

e92Plus

LONDON, UK – 1st October 2024 – CyberSmart, a leading provider of cyber risk management for small businesses has today launched its partnership with e92plus, the UK’s top independent cybersecurity Value Added Distributor (VAD). 

e92plus has long been dedicated to protecting its partners and helping them accelerate business growth through its suite of channel-first security and cloud solutions. Indeed, e92plus has helped over 1,200 VARs, MSPs, SIs, CSPs and consultancies across the UK and Ireland.

CyberSmart offers an all-in-one cybersecurity monitoring, optimisation, training and insurance solution, proven to defend against the unexpected. Like e92plus, CyberSmart focuses on delivering its cybersecurity platform through the channel, making this an auspicious partnership.

The partnership will focus on delivering CyberSmart’s cyber risk management platform, including Cyber Essentials certification, products CyberSmart Active Protect and CyberSmart Vulnerability Manager, and cyber insurance to e92plus’ partners throughout the UK and Ireland. 

While the partnership is launching primarily in the UK and Ireland, e92plus plans to launch alongside CyberSmart in the Netherlands and other EU markets in the coming years.

The joining of forces between CyberSmart and e92plus is timely. A recent survey from CyberSmart reveals that 65% of MSP customers now expect their provider to manage their cybersecurity infrastructure or their cybersecurity and IT infrastructure. This partnership will help deliver the tools MSPs and VARs need to meet customer demand. 

We’re excited to be working with Cybersmart to bring their platform to our partner community” explains Mukesh Gupta, CEO at e92plus. “We’re seeing strong demand in the SMB and mid-market sectors for more assistance around cybersecurity strategy, processes and compliance standards, and this addresses that growing marketing need. The requirements are so complex and diverse, and many businesses struggle to have the internal staff and expertise to manage their cybersecurity tools, let alone manage frameworks, address staff training and ensure an organisation has the right risk management and reporting in place. For our VARs and MSPs, this is a perfect way to build their services and consultancy offering without significant investment”.

We’re delighted to be working with e92plus,” said Jamie Akhtar, CEO at CyberSmart. “Our businesses share a vision of what cybersecurity for SMBs should look like. The demand for solutions that can help smaller businesses get on top of their cybersecurity, compliance and risk management is only growing. And, this partnership addresses the demand, while giving MSPs and VARs a fast and simple route to building up their cybersecurity capabilities. We see this as another important step towards our mission of providing complete cyber confidence to every small business.”

Press release: Over 1.1 million UK SMEs at risk of collapse during current economic uncertainty

SME collapse

Over 1 in five UK SMEs (21%) are worried that their business will not survive the current economic uncertainty or expect they will have to make a significant business pivot. This is according to a survey of a thousand SME senior leaders and decision-makers across the UK, commissioned by CyberSmart (and conducted by Censuswide).

The UK government estimates that the country is home to at least 5.5 million SMEs. If we were to extrapolate the findings, it could mean 1.155 million businesses are in a precarious position and risk collapse.

Remarkably, the survey also revealed that some SME senior leaders would go to great lengths to ensure the business’s survival. These behaviours range from engaging in cybercriminal activity and committing accounting fraud to neglecting compliance requirements.

Activities that SME senior leaders would consider engaging in include:

  • 15% would commit accounting fraud and lie to bankers/investors to secure funding or commit tax fraud/evasion (potentially equivalent to 825,000 SMEs)
  • 14% would cut employee salaries or benefits (potentially equivalent to 770,000 SMEs)
  • 11% would leverage proprietary information from partners/clients such as selling off the data (potentially equivalent to 605,000 SMEs)
  • 11% would neglect compliance requirements due to the additional costs they incur (potentially equivalent to 605,000 SMEs)
  • 10% would engage in cybercriminal activity such as hitting a rival company with a cyberattack (potentially equivalent to 550,000 SMEs)
  • 9% would mortgage their house (potentially equivalent to 495,000 SMEs)

SMEs decrease cybersecurity spending

Additionally, a third of SMEs have decreased cybersecurity spending due to the economic uncertainty. Or, more worryingly, admitted to never really investing in it.

In fact, as many as 42% of SME senior leaders do not believe it is worth investing in cybersecurity, with over 1 in 5 (21%) believing they are not a target. A further 16% claim it is not worth it because they have cyber insurance and 10% assert it is not a priority. Only 25% realised it was worth investing in cybersecurity because they could not afford to be breached.

CyberSmart CEO, Jamie Akhtar reacted with the following:

“As a business owner myself, I can understand the pressure many SME decision-makers are currently facing to keep their companies running and ensure their employees are taken care of, all while budgets tighten. It is during these times that emotions run high, and people might make irrational decisions that go against their own, and their company’s, best interest. It goes without saying that we would never condone criminal behaviour. Moreover, we would strongly recommend that businesses invest in cybersecurity and compliance.”

 “The business ecosystem has become highly intertwined, so no business is immune from cyberattacks. In fact, SMEs could prove to be an easy entry point for cybercriminals looking to hit others within their supply chain, if they have weak cybersecurity postures. While cyber insurance is important for risk transfer, it should not be relied on either. A comprehensive and continuous cybersecurity and compliance strategy is needed to avoid a breach’s financial, reputational and even physical repercussions. Fortunately, there are solutions today that can help in doing so, without breaking the bank.”

Want to know more? Read the report in full here.

SME cost of living crisis

6 key takeaways from the DCMS Cyber Security Breaches Survey 2023

DCMS cyber security breaches survey

Each year, the Department for Digital, Culture, Media & Sport (DCMS) releases its hotly anticipated Cyber Security Breaches Survey. It’s a key source of data on how businesses across the UK approach cybersecurity, the threats they face, and issues that need to be addressed in the coming year.

But for all its usefulness, the report is also very long – usually stretching to thousands of words in length. So, to save you from reading the whole thing, we’ve put together a handy list of the key takeaways from the report. Here’s the stuff you need to know. 

1. Assessing supply chain risk is rare for small businesses

We’ve talked about the danger supply chains pose to businesses a lot. Happily, it appears that larger businesses have begun to wake up to the risk. 63% of large businesses undertook a cybersecurity risk assessment in the last year, alongside 51% of medium-sized firms.

However, the practice remains rare among smaller businesses. When the sample size is broadened to include businesses of every size, just 3 in 10 have undergone a risk assessment.

Why is this happening? Well, it’s possible many businesses don’t have the resources to sanction regular risk assessments but, just as likely, is that many SMEs are simply unaware of the need. 

Worried about rising IT costs? Check out our guide to protecting your business on a budget.

2. A small number of businesses are taking cyber accreditations

The good news is that the proportion of UK organisations seeking extra guidance or information on cybersecurity is stable at 49% for businesses and 44% for charities. But, this does mean that a large proportion of organisations either aren’t aware of or aren’t using guidance like the NCSC’s 10 Steps to Cyber Security or the government-backed Cyber Essentials accreditation

According to the DCMS’s findings, just 14% of businesses and 15% of charities are aware of the Cyber Essentials scheme – rising to 50% of medium businesses and 59% of large businesses. And it’s a similar story with ISO 27001 certification with just 9% of businesses and 5% of charities adhering to the standard. Again, this is higher among large businesses (27%).

Although these figures might look alarming, there are a couple of caveats to bear in mind. First of all, the Cyber Essentials scheme was always going to take some time to bear fruit, it’s worth remembering the extremely limited cyber awareness across UK businesses before its launch. What’s more, the number of certified businesses is still growing steadily, up from 500 per month in January 2017 to just under 3500 in January 2023.

Added to this, the scheme was always likely to need to evolve to meet the needs of businesses. Given recent calls from UK companies for a new and improved Cyber Essentials certification, perhaps the time has come for the scheme to take the next step in its evolution.

3. Formal incident response plans aren’t widespread

The survey reveals that most organisations agree that they’d take several actions following a breach or cyber incident. However, the reality appears somewhat different. Only a minority of businesses (21%) have a formal incident response plan in place. This figure does rise amongst medium (47%) and large businesses (64%), indicating that it’s SMEs who are going without.

Perhaps this isn’t surprising, SMEs are often time and resource-poor and creating a thorough incident response plan isn’t a small undertaking. Nevertheless, it represents an area that both government bodies and companies like CyberSmart need to focus on in the coming year.

4. The number of identified breaches has declined 

At the risk of stating the obvious, cybercrime hasn’t decreased in the last year. But the number of breaches being reported by smaller businesses has declined. Just 32% of businesses and 24% of charities reported a breach or attack in the last 12 months – down from 39% of businesses and 30% of charities in the 2022 edition of the survey.

What’s going on? Are SMEs simply being attacked less? Unfortunately, no. 54% of SMEs in the UK experienced some form of cyber-attack in 2022. And, if we look at the figures for large businesses (69%) and high-income charities (56%) the numbers have remained stable from the 2022 report.

This seems to indicate that the drop is being driven by SMEs, which also suggests that they are undertaking less monitoring and logging of breaches than in previous years. Why? That brings us to our next key takeaway.

5. Cybersecurity is less of a priority for smaller businesses

It’s no secret that it’s a tricky time to be a small business. Economic uncertainty and a cost of living crisis have left many SMEs looking to reduce expenditure, particularly in areas like cybersecurity. This is borne out by the DCMS’s survey, with 68% of micro-businesses (10 employees or less) saying cyber security is a high priority, down from 80% last year.

In practice, this can mean less tracking and reporting of breaches, weaker defences, and greater reluctance to update tools, putting small businesses at a real disadvantage. But it doesn’t have to be this way. There are methods for budget-conscious businesses to reduce costs responsibly – we’ve outlined a few here.

6. Is cyber hygiene going backwards? 

Finally, cyber hygiene has long been a useful concept in helping businesses think about their security. The rationale behind it is simple. Most cyberattacks are pretty unsophisticated – think your common-or-garden phishing attack or a breach due to an unpatched vulnerability. 

This means businesses can avoid falling foul of most of them by using a set of basic “cyber hygiene” measures.

The most common of these hygiene measures are updated malware protection, cloud back-ups, passwords, restricted admin rights and network firewalls. However, all of these measures have seen a gradual decline over the last few editions of the DCMS report. For example: 

  • use of password policies (79% in 2021, vs. 70% in 2023)
  • use of network firewalls (78% in 2021 vs. 66% in 2023)
  • restricting admin rights (75% in 2021, vs. 67% in 2023)
  • policies to apply software security updates within 14 days (43% in 2021, vs. 31% in 2023).

DCMS analysis suggests that these trends appear to reflect shifts in the SME population, as figures across larger organisations have remained stable. As we mentioned earlier, it’s possible that, as many smaller businesses feel the pinch and place less importance on cybersecurity, cyber hygiene has begun to fall by the wayside. Whatever the reason, it’s a worrying development that could make some SMEs extremely vulnerable.

What have we learned from the DCMS Cyber Security Breaches Survey 2023?

Time to draw some broad-brush conclusions from the DCMS’s findings. First of all, the common theme running throughout the report is that the cost of living crisis is having a real impact on SMEs’ ability to protect themselves. Whether it’s the decline in breach reporting, so many businesses lacking incident response plans, or the fall in cyber hygiene standards, it’s clear SMEs need real assistance to bolster their defences.

Second, Cyber Essentials could be due for a revamp. The number of organisations who are aware of the accreditation, let alone completing it, remains too low.

Finally, although this piece may have made for a fairly grim read, there is an upside. These findings provide everyone within the UK cybersecurity industry a clear picture of where the problems lie and what we all need to do over the next 12 months to tackle them.

Want to know more about how to reduce cybersecurity costs responsibly? Check out our free guide to cybersecurity on a budget.

Cost of living CTA 2

What do the proposed NIS regulations mean for managed service providers?

NIS regulations

As attendees of our event CyberSmart Live! will know, one of the hottest topics within the cybersecurity industry at the moment is the proposed regulatory changes for managed service providers. The Department for Science, Innovation and Technology (DSIT) is planning changes to the scope of its Network & Information Systems (NIS) regulations to include MSPS. 

So, to help you understand whether your business is affected and what you need to do, here’s a quick summary of the potential changes.

What are the changes? 

Under the proposed framework, some MSPs (more on that later) will have a legal duty to:

  • Register with the Information Commissioner’s Office (ICO)
  • Take steps to secure their networks and information systems
  • Minimise the impact of incidents on their networks and information systems
  • Report incidents to the ICO

Why does this only apply to some MSPs?

The regulations don’t apply to small and micro providers. To qualify, your business must: 

  • Employ more than 50 staff
  • Have a turnover of more than €10 million per year

On top of this, only MSPs who meet the criteria of a digital service provider (DSP) under NIS regulations need to register with the ICO. NIS defines a DSP as “providing online marketplace services, cloud computing services, online search engine services or managed services.”

What are the changes to NIS regulations for? 

Cybercriminals are targeting MSPs with increasing regularity. The risk has grown so severe that security services from the ‘five eyes’ countries – Britain, the US, New Zealand, Australia and Canada – felt moved to issue an official warning in 2022. 

MSPs are so attractive to hackers because they’re usually part of a supply chain and have access to clients’ networks and IT environments. And, to add the icing on the cake for any cybercriminal, MSPs typically have access to large amounts of sensitive data – everything from financial information to breakdowns of customers’ security. 

We’ve seen countless examples of attacks on MSPs that lead to a huge breach across their entire client base. The NIS regulations are an answer to this. The proposed changes represent a real attempt by DSIT better to protect MSPs and their customers from the growing threat. 

When are the regulations due to come into force?

As of 13th April 2023, the Government has confirmed that it will go ahead with the proposed reforms to amend the NIS Regulations. So, we’re expecting to see the changes come into force sometime in 2024. Although, it should be noted that this is subject to the government finding “a suitable legislative vehicle”.

Is there anything else you should know?

At this point, you’ve likely got some further questions about the proposed changes. Unfortunately, we don’t have space to cover everything in this blog. But, for more information, we recommend checking out our handy set of FAQs on the regulations. You should find everything you need to know to prepare you for the changes.

Here is a follow up video we did with the Department for Science, Innovation and Technology that goes into further detail on the proposed NIS regulations for MSPs.



Times are tough for SMEs, with many facing tough financial decisions. So, to help out, we’ve put together a step-by-step guide to cybersecurity on a budget. Read it here.

Cost of living CTA 3

Press release: Heightened risk of insider threats during cost-of-living crisis, according to SME study

insider threats

Our latest research (to be released as a report) reveals fear among UK SMEs about insider threats. Some key findings include:

  • Nearly half of UK SMEs (47%) believe they are at greater risk of a cyberattack since the cost-of-living crisis.
  • 38% believe this is due to increased malicious insider threats, and 35% believe it is due to negligent insider threats.
  • 1 in 4 believe staff are overwhelmed or concerned about meeting their financial commitments.
  • 20% believe employees will steal sensitive or proprietary data from the company to sell for profit or for a competitive advantage.
  • 17% believe employees will seek to harm the company’s reputation due to resentment over salary cuts/stagnation and/or layoffs.

London, UK (15th June 2023) – Nearly half of UK SMEs (47%) believe they are at greater risk of a cyberattack since the onset of the cost-of-living crisis. Of these respondents, 38% believe this is due to increased malicious insider threats (i.e., disgruntled employees making decisions that are not in the best interest of the company) and 35% believe it is due to negligent insider threats (i.e., overworked or distracted employees making mistakes). This is according to a survey of a thousand SME senior leaders across the UK, commissioned by CyberSmart, the category leader in simple and accessible automated cybersecurity technology for small and medium-sized enterprises (SMEs), and conducted by Censuswide.

In light of the economic uncertainty, almost 1 in 3 employers (29%) admit that employee salaries have stayed the same: in effect, resulting in a decline of real wages to accommodate for inflation. A further 11% have even gone so far as to reduce salaries. What’s more, nearly a quarter (24%) of SMEs have hit pause on recruitment, while 16% have laid off employees for budgetary reasons.

It is no coincidence then that 1 in 4 employers (24%) are finding that their staff are overwhelmed or concerned about meeting their financial commitments, while nearly a fifth (18%) find they are feeling overworked. Moreover, 16% believe their staff are less engaged or productive due to the stress, 14% think they are more disgruntled and 11% have noticed an increased rift between senior leadership and employees.

Remarkably, employers expect their employees might engage in the following activities whilst in this unhappy state.

  • 22% believe employees will take on a second or third job during contractual hours.
  • 22% believe employees will be more likely to make mistakes such as clicking on a phishing link.
  • 20% believe employees will steal sensitive or proprietary data from the company to sell for profit or for a competitive advantage.
  • 17% believe employees will seek to harm company reputation due to resentment over salary cuts/stagnation and/or layoffs.
  • 14% believe employees will use AI such as ChatGPT to do their job for them.
  • 14% believe employees will steal money from the company or commit financial fraud.

“Not all businesses are experiencing a negative company culture as a result of the crisis. In fact, 20% believe the cost-of-living crisis has brought the company closer together and 16% of employees are becoming more motivated to impress senior leaders. Nevertheless, in times like these, it is crucial that employers are mindful of how their staff are coping,” said Jamie Akhtar, CEO and Co-Founder of CyberSmart. “It only takes one disgruntled or overworked member of staff to make a decision that could put the entire business at risk. This research highlights the importance of conducting regular security awareness training, but also the need to show up for employees with empathy and support.”

It should be noted that SME business leaders also consider external forces to be responsible for the growing risk of cyberattacks, with 32% attributing it to higher rates of supply chain fraud and 31% expressing concern about nation-state interference from hostile countries such as Russia and China.

Want to know more? Read the report in full here.

SME cost of living crisis

What are the 2023 changes to Cyber Essentials?

changes to Cyber Essentials

April 2023 is set to see more changes to the Cyber Essentials question set. Here’s everything you need to know and what it means for your business.

What’s happening? 

On 23rd January 2023, the NCSC published an updated set of requirements, version 3.1 for the Cyber Essentials scheme. These changes called the ‘Montpellier question set’, come into force on 24th April 2023 and will replace last year’s Evendine question set.

What are the changes?

1. The definition of ‘software’ has been updated to clarify where firmware is in scope.

2. Asset management is now included as a highly recommended core security function.

3. A link to the NCSC’s BYOD guidance is now included to help businesses better manage their devices.

4. Clarification on including third-party devices – all devices that your organisation owns that are loaned to a third party must now be included.

5. The ‘Device unlocking’ section has been updated to reflect that some vendors have restrictions on device configuration. If that’s the case, the recommendation is to use the vendor’s default settings.

6. The ‘Malware Protection’ section has been updated. You must make sure that malware protection is active on all devices in scope. All anti-malware software has to:

  • Be updated in line with vendor recommendations
  • Prevent malware from running
  • Prevent the execution of malicious code
  • Prevent connections to malicious websites over the internet

And, only approved applications, restricted by code signing, are allowed to execute on devices. You must:

  • Actively approve such applications before deploying them to devices
  • Maintain a current list of approved applications, users must not be able to install any application that is unsigned or has an invalid signature
  1. New information has been added about how Cyber Essentials affects businesses using zero trust architecture. In short, this should be affected by the Cyber Essentials controls.
  2. The illustrative specification document for Cyber Essentials Plus has been updated. The changes to the malware section affect how an auditor carries out a Cyber Essentials Plus assessment and this will be discussed with customers when they book.
  3. Several style and language changes have been made and questions reworded to make the process simpler and easier to understand.
  4. The technical controls have been reordered to align with the self-assessment question set.

What does this mean for your business?

It’s relatively simple.

Any Cyber Essentials assessment that begins before 24th April 2023, will continue to use the current requirements. Meanwhile, any assessment that begins after 24th April will be assessed using the new Montpelier requirements.

The changes aren’t complicated and shouldn’t impact your ability to achieve certification or the time it takes to complete it. However, if you do have any questions, please get in touch and one of our team will be happy to talk you through it. 

Unsure whether certification is right for your business? Check out our guide to cybersecurity certifications in the UK.

Cybersecurity certifications

CyberSmart joins Kickstart’s new accelerator

Another week, another good news story at CyberSmart. We’ve joined Kickstart’s new accelerator. Here’s what it all means.

What is Kickstart? 

Kickstart is one of Europe’s largest innovation platforms. It helps start-ups in a variety of sectors from FinTech to food and retail to innovate and scale sustainably. 

Since its founding in 2015, Kickstart has helped create over 220 commercial partnerships and supported 323 start-ups. 

What does the accelerator involve? 

Companies selected for the accelerator take part in a ten-week programme. It’s designed to breed commercial partnerships and encourage collaboration between start-ups and Kickstart’s partners. Its partners include AXA, Co-op, Swisscom, La Mobilière, PostFinance, Sanitas, The City of Zurich, Canton de Vaud, Credit Suisse, Galenica, CSS Insurance and others.

What does this mean for CyberSmart?

We’re delighted to be picked for the accelerator’s InsurTech cohort. Not only did we beat some strong competition, with applications coming from 58 countries, but we’re also set to work alongside some of the biggest names in the FinTech and InsurTech industries. 

This represents a massive opportunity for us. We’ll learn from and collaborate with some of the best. And, it’ll help us generate new ideas, refine our current products, and reach more small businesses than ever before.

All in all, it’s another step in our journey to protect every small business from cyber threats. Stay tuned for what comes next.

Protecting your business on a budget is tricky. Calling in the experts or investing in the latest tools is expensive. So what can you do? CyberSmart Active Protect secures your business around the clock with no need for costly consultants, tools or an in-house team. Try it today.

Active Protect CTA

Double delight as CyberSmart scoops two awards

We love an awards ceremony at CyberSmart. It’s a chance to wear long-neglected formal wear, snaffle a free dinner, and meet up with the people that make cybersecurity such a great industry to work in.

However, what we love even more than the glitz and glamour is winning. So imagine our delight when we were nominated for the 2022 SC Awards Europe and CompTIA Spotlight Awards and took home a gong at each. 

What were the awards?

The SC Awards Europe, run by SC Media UK, is one of the most prestigious events in the cybersecurity industry’s calendar. It aims to recognise and reward products and services that continue to stand out from the crowd, exceeding customer expectations to help defeat imminent threats and cybersecurity attacks.

The nominees and winners of these awards usually, read like a who’s who of the cybersecurity sector. So we were very happy to be nominated, particularly as we narrowly missed out on an award last year.

The Computing Technology Industry Association (CompTIA) is a global leader in the training and upskilling of IT professionals. And, it’s one of the leading voices in our sector. Perhaps unsurprisingly, this makes the organisation’s annual awards ceremony a must-attend within the cybersecurity industry. 

What did we win? 

We won both the CompTIA UK Innovative Vendor Spotlight Award and SC Awards Europe’s Best SME Security Solution award.

We’re incredibly proud to win two such prestigious awards, especially amongst such impressive competition. We’d also like to say congratulations to all the other nominees and winners.

What comes next? 

Although we’re always thrilled to win awards, our work is far from done. We won’t stop until every small business has the knowledge and protection to keep themselves safe from cyberattacks.

As we write this, SMEs are being targeted like never before and there are still too many without adequate protection. And these awards, while proving we’re on the right track, only spur us on to help more small businesses.

To find out more about what drives us, read our latest guide, The State of UK SME Cybersecurity. It’s full of useful insights on the risks small businesses face and what can be done to counter them. Get your copy here.

State of SME cybersecurity

CyberSmart up for three awards

Awards

Awards season is just around the corner. So we’re delighted to kick proceedings off with a bang, bagging three nominations at the 2021 Network Computing Awards

What is the Network Computing Awards? 

Network Computing Magazine is one of the UK’s most prominent online tech publications. It began life in the 1990s as a monthly print publication covering the tech world, before moving to online-only in the late noughties.

As part of its focus on IT and tech, Network Computing also hosts an annual awards ceremony celebrating the best the industry has to offer. Past winners read like a veritable who’s who of tech royalty, including everyone from SolarWinds to Dell and Cisco.

What awards is CyberSmart up for? 

We’re honoured to have been nominated for three awards:

Remote Working Product of the Year (Cybersmart Active Protect)

The One to Watch Company (CyberSmart)

The Innovation Award (Cybersmart Active Protect)

We’re particularly proud to see CyberSmart Active Protect up for two awards. We’ve spent most of the year so far refining our approach to cybersecurity for SMEs. And these nominations are a great early sign that we’re on the right track.

But we’re just getting started. The rest of 2021 will see more exciting developments and the launch of several new products.

In the meantime, we’d like to wish all the other nominees the best of luck. We’ll certainly be crossing everything in the run-up to the ceremony on the 21st of October! 

Are you a small business looking to improve cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene. 

CTA button

Case study: Helping a healthcare business build trust

Healthcare

Cyber Essentials certification is becoming ever-more important to the healthcare industry, particularly for those firms looking to work with the NHS. 

So we sat down with Kim-Lisa Gad, Governance, Risk and Compliance Manager at Vula Mobile to discuss how CyberSmart has helped the business complete Cyber Essentials Plus certification.

Vula is a medical referral app and online platform that makes it easy for primary healthcare workers to get advice from and refer patients to specialists.

CyberSmart: What security challenges have you faced as a business? 

Kim: Like many businesses – even those with good physical, technical and administrative security measures in place –  it’s often a challenge to reassure customers and partners that their data is protected and our organisation is secure. 

The Cyber Essentials Plus certification has allowed us to demonstrate to customers and partners that we take security seriously. And, that we’re continually improving and verifying that our security processes are effective and well managed. 

CyberSmart: What prompted you to get Cyber Essentials Plus certification?

Kim: Initially, we were required to get Cyber Essentials Plus to apply for a business tender. However, since then, Cyber Essentials Plus has helped us obtain and move forward with other contracts. Being able to demonstrate our security measures to current and potential customers has proved invaluable. 

The Cyber Essentials Plus certification offered through CyberSmart is an absolute necessity for any business that wants to validate its security commitments.

CyberSmart: How easy was the process from initial enquiry to certification?

Kim: The process was exceptionally quick and seamless, from our initial contact with James (Direct Sales Manager at CyberSmart) to our audit with Glen (CyberSmart’s Head of Cyber Audit) and obtaining our certification. 

The team at CyberSmart were always on hand with information and advice, making the whole process much less stressful. It was also wonderful that they were able to do everything remotely as we are based in South Africa. 

CyberSmart: How long did the process take? 

Kim: The initial questionnaire for Cyber Essentials took around a week to complete. We had our first response back requesting more information on three questions within a day of completing it. I provided the information the same day and we were granted certification later that afternoon. 

We then started Cyber Essentials Plus certification two weeks later, preparing ourselves for the online audit. The audit took around three hours; Glen was exceptional in helping us prepare and very thorough in his assessment. We received our Cyber Essentials certification the same day as the audit which was a very efficient turnaround. 

CyberSmart: How has Cyber Essentials Plus helped your business?

Kim: It’s proved an invaluable way of proving to customers, partners and prospects that our security is effective and follows best practices. Certification has also made the process of submitting tenders and business documentation much easier. The certification itself answers many of the questions we’re asked in potential business agreements. 

Our customers, partners and prospects have really appreciated the additional assurance that certification provides.

CyberSmart: Have you noticed any change in your relationship with customers, suppliers, or prospects since getting certified?

Kim: Our customers, partners and prospects have really appreciated the additional assurance that certification provides. What’s more, their trust in how we manage our business and the services we provide has also increased. 

We find once we’ve submitted our Cyber Essentials Plus certificate to other businesses, they’re generally satisfied and don’t require any further proof of our commitment to security. The certificate provides all the proof they need. 

CyberSmart: Would you recommend Cyber Essentials Plus to other businesses like yours?

Kim: Most definitely. The Cyber Essentials Plus certification offered through CyberSmart is an absolute necessity for any business that wants to validate its security commitments. And, it’s a great way to assure customers and business partners that your organisation is secure.

Finally, it’s also a very methodical approach to ensuring your security measures are well-thought-out, executed properly, and mitigate cybersecurity risks. 

Considering Cyber Essentials Plus for your business? Click here to find out why CyberSmart is the UK’s leading provider of Cyber Essentials certification.

CTA button