First introduced in 2014, Cyber Essentials helps firms to minimise risk, guard against breaches and demonstrate both an understanding of, and commitment to, cyber security.
What is Cyber Essentials Certification?
Cyber Essentials is a UK government-backed scheme that helps organisations of every size to protect themselves from cyber-attacks. The Cyber Essentials certification is both an award to firms that qualify, and a demonstration of a business’s commitment to cyber security.
The most common cyber threats are well known and include phishing, malware, and distributed denial-of-service (DDoS) attacks. The instigators of these cyber-attacks, the threat actors, are often unsophisticated and unskilled, but they can still do a lot of damage to an organisation if preventative measures are not taken.
The two levels of Cyber Essentials certification allow firms to take proactive steps in cyber security, both at the essential level and beyond with the more advanced Cyber Essentials Plus.
The Two Cyber Essentials Certifications
The two levels of Cyber Essentials certification are:
- Cyber Essentials
This self-assessment certification helps organisations to protect themselves against the most common attacks. It is important because defence against “low level” attacks can reduce the risk of further attention and more aggressive cyber threats.
- Cyber Essentials Plus
Cyber Essentials Plus covers the same protections as Cyber Essentials and introduces a more “hands-on” technical verification.
Why Become Cyber Essentials Certified?
There are a number of excellent benefits of Cyber Essentials certification.
- Reduced risk of cyber-attack: Cyber Essentials certification helps your organisation to reduce the risk of potential cyber-attacks by implementing a set of basic technical controls.
- Improved reputation: Cyber Essentials certification demonstrates to customers and suppliers that your business is committed to cybersecurity.
- Compliance with regulations: Many regulations, such as the UK’s General Data Protection Regulation (GDPR), require organisations to implement appropriate technical and organisational measures to protect personal data. Cyber Essentials certification can help your business to comply with these regulations.
How Do You Gain Certification?
There are a couple of routes to gain Cyber Essentials certification for your organisation.
One path is to download the Cyber Essentials Requirements for Infrastructure document from the National Cyber Security Centre (NCSC) website. This document provides detailed guidance on how to meet the Cyber Essentials requirements.
You will need to read and review the requirements and assess your organisation’s current security posture. This can be done by using the Cyber Essentials Readiness Toolkit. The toolkit provides a set of questions and resources to help you identify any areas where your security needs to be improved.
The other option is to use an independent auditor, like PurpleJelly, to verify your assessment and award you Cyber Essentials certification. Using our own Cyber Essentials service is simple: we work closely with you to assess your readiness, guide you through all the steps, and ensure you’ve firmed up your company’s cyber security stance.
What Do We Need to Do to Gain Cyber Essentials Certification?
The checklist in the Readiness Toolkit will help you to assess your current security posture. It can identify any areas where your organisation needs to improve. Act on all the points in any plan you’re provided with at the end of the assessment.
Once your organisation is ready, and you’ve completed an asset register, secured services, set up firewalls and access protocols, reviewed software, put a robust password policy in place and so on, you can look at the Cyber Essentials FAQs.
You can preview all the self-assessment questions and, when you’re ready, apply for the assessment. How much it costs depends on the size of your organisation.
Cyber Essentials Costs
For firms with fewer than 10 employees (a micro-organisation), fees start at £300 + VAT (at the time of publication).
This rises for SMEs, with smaller organisations paying £400 + VAT, and medium-sized firms paying £450 + VAT.
For larger organisations, with over 250 employees, Cyber Essentials assessment costs £500 + VAT.
To put that into perspective, the Government’s Cyber Security Breaches Survey 2023 puts the average cost of a cyber security breach at £1,100.
However, this can vary depending on the size and severity of a cyber-attack, and the industry type. For a medium-sized or larger business, the average cost of cyber intrusion increases to £4,960.
So having a Cyber Essentials certification is beneficial on many levels, including financially.
Conclusion
Cyber Essentials is a valuable scheme that can help organisations of all sizes to firm up their security posture, mitigate risks, as well as reduce costs and disruption. Your certification can even have a positive effect when other businesses have confidence in your approach. Some organisations will only deal with qualified firms.
If your organisation needs greater security through Cyber Essentials, get in touch with PurpleJelly’s professional IT support team. We will guide you through the whole process and ensure your firm has the essential processes in place to reduce the risks and costs of cyber threats.