What is Cyber Essentials?
Cyber Essentials (CE) is a UK Government-backed certification that protects against cyber threats. CE is made up of 5 technical controls designed to provide protection from the most common Internet-based threats. These include using stronger passwords, updating software regularly, limiting access to sensitive information and background checks of employees, among others.
“1 in 6 UK small and mid-sized enterprises fell victim to a cyber attack in the last 12-month duration. Of the enterprises affected, more than one-fifth stated that it cost the company more than £10,000, and 1 in 10 mentioned that it cost more than £50,000.”
– Zurich SME Risk Index
Here are five clear benefits of having Cyber Essentials certification:
Protection against cyber threats
The National Cyber Security Centre estimates that CE reduces the risk of common cyber threats by 80%. Hackers are constantly trying to steal data or money, or to cause severe disruption to businesses. Following the Cyber Essentials scheme is a great way for businesses to begin to address cyber threats.
Improves existing and potential customers’ trust
A report by KPMG showed that almost 60% of UK consumers would stop using a business after a breach. Businesses following the CE scheme have a competitive advantage over competitors without accreditation. A CE-certified business shows a commitment to security, demonstrating to customers, investors, suppliers, and regulators that it takes cyber security seriously. CE accreditation becomes even more critical for businesses using and storing personal data like medical records or financial information.
Cyber Essentials is an essential step towards preparation for GDPR
GDPR is the data privacy regulation that aims to give the EU populace protection and control over personal data. The law will affect how businesses can collect and use personal data. Companies will be required to be transparent when it comes to collecting and using personal data. CE is a significant first step in preparation for GDPR, as violators will have to pay a potential fine of up to €20 million or up to 4% of a company’s annual turnover.
Improves business efficiency
Without a plan, lots of time and money are spent patching IT infrastructure and security issues as they arise. There is an inevitable loss in staff time during the restoration of services, particularly for IT staff. Implementing CE allows technical and non-technical staff to remain as efficient as possible by focusing on core business without the need to fix bits and pieces of the company’s IT infrastructure.
Better chance of winning business
The UK Government is using the scheme as a step towards reducing the levels of cyber risk in its supply chain. Since October 2014, businesses bidding for Government contracts which require handling of personal data need to be CE certified. CE is being made a requirement for more and more private sector tenders too.