top of page

Cyber Essentials: The affordable way to tackle online threats

In the latest instalment of our Spotlight series, we talk to SafeWatch managing director Steven Gordon about the Government-backed Cyber Essentials scheme.

Steven Gordon (bottom left) is the managing director of SafeWatch

Q: Hi Steve, let’s begin by talking a bit about your company. What can you tell us about SafeWatch Online Ltd?

We’re based in Oxfordshire and we utilise frameworks like Cyber Essentials and IASME Gold to help business assess their current situation in relation to information security, legislative compliance and governance. We combine the best security products along with business intelligence tools to give a suite of tools that educate, analyse and help businesses manage their IT security.

We’re part of Blue Planet IT which I founded in 2010, bringing together a collection of skilled and talented individuals from the world of IT. Some of the companies that our staff come from are names like HP, The Financial Times Group, Zenos and Fired Earth, to name a few. Our staff have held senior posts within these companies, responsible for design, implementation and support of 1000s of users.

Q: SafeWatch joined our Centre last year as a Trusted Partner, which means you’re available to help our members complete the Cyber Essentials programme. What is Cyber Essentials and why do businesses need it?

Cyber Essentials is a simple, Government-backed scheme that will help protect businesses, whatever its size, against a whole range of the most common cyber attacks. The scheme is administered by the National Cyber Security Centre and its delivery partner IASME.

As well as guarding against the most common cyber threats, it also demonstrates your commitment to cyber security which can often become a requirement when tendering for work in both public and private sectors.

Q: What does it involve?

IASME will send the business a list of questions that form part of a self-assessment. We’re on hand to help businesses put measures in place that will help them pass the self-assessment. Once they’ve passed it, they are issued a Cyber Essentials certificate which is valid for one year.

Q: How much does it cost for a basic level Cyber Essentials assessment?

It costs £300+VAT for each assessment, so it’s very affordable. As soon as you have paid, IASME will send you login details for your online assessment portal. You then have six months to complete the assessment before the account is archived.

Q: What kind of changes do businesses typically need to make to gain the Cyber Essentials certificate?

We’re talking about changing default passwords, making sure you’ve got a firewall protecting your environment, making sure you’ve got antivirus software, ensuring you’re updating your devices and that only people you want to have access to those devices have access. It’s all relatively easy stuff to implement.

Q: What is Cyber Essentials Plus?

Cyber Essentials Plus involves a technical audit of the systems that are in-scope for Cyber Essentials. This includes a representative set of user devices, all internet gateways and all servers with services accessible to unauthenticated internet users. The assessor will test a suitable random sample of these systems (typically around 10 per cent) and then make a decision whether further testing is required.

The Cyber Essentials question set is part of the Cyber Essentials Plus certification process. If you have achieved the basic level Cyber Essentials certification less than three months before certifying to Cyber Essentials Plus you will not need to repeat the self-assessment questions stage.

Q: What would you say to business owners who are reluctant to incur the cost of Cyber Essentials, given the current economic climate?

If Cyber Essentials protects you from 80% of known cyber attacks – malwares and things out there that are likely to trip you up – then, as a director of a company, you’d be found wanting if you’d decided not to do it.

Research suggests SMEs are being successfully hacked every 19 seconds in the UK. That’s a very scary statistic so it’s certainly worth investing in Cyber Essentials. We recently worked with a business that lost their main client after being hit by a ransomware attack. We also know charities that have suffered – and they wouldn’t have if they’d had Cyber Essentials in place.

Q: The Government wants to rapidly increase uptake of the Cyber Essentials scheme. How easy is it to persuade businesses to invest in schemes that will improve their cyber security?

Awareness of it is key. We talk to customers about Cyber Essentials and the reception has always been positive. It is an excellent investment - £300 is a lot cheaper than the consequences of being hit by a data breach such as a ransomware attack. Businesses have literally been wiped out.

SafeWatch Online are part of our Trusted Partners network. Trusted Partners are official providers of Cyber Essentials and Cyber Essentials Plus Certification. To find out more about SafeWatch Online, visit their website here.


The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page