
Cyber Essentials: What is it and why do you need it?

Guard your organisation against the most common cyber threats by taking up Cyber Essentials today.

Cyber Essentials is a UK government scheme supported by the NCSC

According to the latest intelligence, small businesses in the UK are the target of an estimated 65,000 attempted cyber attacks every day.


While most attempts fail, one SME is successfully hacked every 19 seconds. These are ransomware attacks, phishing attacks, malware attacks – and the cyber risk is growing with remote working becoming a gateway to new forms of data theft.


These cyber attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals.


They’re the digital equivalent of a thief trying your front door to see if it’s unlocked. The Cyber Essentials scheme is designed to prevent these attacks.


But what is Cyber Essentials? Here's everything you need to know about the Government-backed scheme.


Q: What is Cyber Essentials?

Cyber Essentials is a simple but effective, Government-backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks. The scheme is administered by the National Cyber Security Centre and its delivery partner IASME.


There are two levels of certification:

  • Cyber Essentials

This self-assessment option gives you protection against a wide variety of the most common cyber attacks. This is important because vulnerability to simple attacks can mark you out as a target for more in-depth unwanted attention from cyber criminals and others.


Certification gives you peace of mind that your defences will protect against the vast majority of common cyber attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.

Cyber Essentials shows you how to address those basics and prevent the most common attacks.

  • Cyber Essentials Plus

Cyber Essentials Plus still has the Cyber Essentials trademark simplicity of approach, and the protections you need to put in place are the same, but for Cyber Essentials Plus a hands-on technical verification is carried out. Alternatively you can familiarise yourself with cyber security terminology, gaining enough knowledge to begin securing your IT.



Q: Why should you get Cyber Essentials?


There are 6 main reasons to gain Cyber Essentials certification:

  • Prevent up to 80 per cent of cyber attacks

  • Reassure customers that you are working to secure your IT against cyber attack

  • Attract new business with the promise you have cyber security measures in place

  • You have a clear picture of your organisation's cyber security level

  • Some Government contracts require Cyber Essentials certification

  • Cyber Essentials certification includes automatic cyber liability insurance for any UK organisation that certifies its whole organisation and has less than £20m annual turnover


Q: How do I become certified?

Our Trusted Partners are official providers of Cyber Essentials and Cyber Essentials Plus certification. To request Cyber Essentials via our TP network, click here.



Q: Do certificates have an expiry date?


All new certificates issued by our Trusted Partners will have a 12-month expiry date.


Q: How much does it cost to get Cyber Essentials certification?

The cost of Cyber Essentials (verified self-assessment) is £300 + VAT. The cost of a Cyber Essentials Plus assessment will depend on the size and complexity of your network. Please contact our Trusted Partners with any questions; they will provide advice and guidance.


Q: Do I have to obtain the first level of Cyber Essentials before going on to Cyber Essentials Plus?

No, you can go for Cyber Essentials Plus without obtaining the first level of Cyber Essentials. Your Certification Body will work with you to complete the Cyber Essentials questionnaire and verify compliance as part of the process of achieving Cyber Essentials Plus.


Q: How are Cyber Essentials assessments verified?

A board member from the organisation signs a declaration to confirm that the assessment answers are true. A qualified assessor who works for a Certification Body then evaluates the responses.


If you pass, you receive a certificate. If you fail, you will receive feedback so you know which areas need to be addressed, should you want either to re-apply for Cyber Essentials certification or to take the opportunity to improve your cyber security.

Q: How quickly can I get certified to Cyber Essentials?

IASME always do their best to get the Cyber Essentials assessment results back to organisations as quickly as possible. It usually takes IASME 1-3 working days from the time you submit your assessment.


If you have a tight deadline, please let IASME know and they can try to fast-track assessments. This may be slightly longer than your previous assessment as we have introduced a more consistent and standardised approach for the benefit of the scheme.


Q: How do I become a Certification Body?

Any organisation that would like to be appointed as a Certification Body in the Cyber Essentials scheme will need to apply to IASME. Please note that organisations will have to be registered as a company in the UK, the Crown Dependencies or the EU.


Q: Do I need Cyber Essentials to bid for a Government contract?

Some Government contracts may require you to be Cyber Essentials certified or to be able to demonstrate that the technical controls are in place. In the first instance, please confirm with the Government department their expectations with regard to Cyber Essentials.


Requirements and exemptions may vary between departments, so it is important that you seek clarification for each contract.



Q: Where can I find additional help and advice?

If you need any assistance or have any questions, please get in touch with IASME at info@iasme.co.uk or on 03300 882752.


The contents of this blog are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

