What is Cyber Essentials?

Initiated in 2014, Cyber Essentials is a government-backed scheme implemented by the National Cyber Security Centre (NCSC), designed to guide businesses in the fundamentals of online security. Set up to protect businesses of all sizes, Cyber Essentials promotes the deployment of 5 key technical controls to counter the most common Cyber Threats. The scheme offers 2 levels of accreditation:

  • Cyber Essentials
  • Cyber Essentials Plus


How could my business benefit from Cyber Essentials accreditation?

  1. It helps close the most common security loopholes. The scheme won’t make your business impervious to cyber-attacks, but it will help defend you against most attacks carried out by relatively unsophisticated hackers. Cyber Essentials provides a strong foundation on which you can develop more elaborate cyber defences.
  2. The ability to bid for more government contracts. Companies wishing to bid on certain Government contracts must hold Cyber Essentials certification. If the contract involves the handling of technical, personal, or other forms of confidential information then you’ll need to be Cyber Essentials compliant.
  3. It helps ensure GDPR compliance. GDPR doesn’t go into cyber security in detail, but it does make clear, in an article known as the security principle, that companies should take steps to ensure data security through ‘technical or organisational measures’.

It states that personal data should be…

‘Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures’

Cyber Essentials alone will not make your business GDPR compliant, but it will go some way to ensuring you’re able to comply with the above principle.

  4. Certification will inspire confidence in your customers. Once certified, you will be permitted to display a badge on your website that shows your commitment to cyber security and data protection. Customers old and new will have confidence that you’re handling their personal data with great care.
  5. It may save you money in the long run. Cyber Essentials accredited firms enjoy ‘Cyber liability insurance’: up to £25,000 worth of cover against a cyber-attack if your business turns over less than £20m. If your turnover exceeds £20m per year, you’ll likely benefit from lower premiums.

On average a cyber-attack will cost an SME £6500. Cyber Essentials accreditation will help protect your business from many online threats, enhance your reputation and inspire confidence for just £300 per year – undoubtedly a shrewd investment.


How does the assessment process work?

The assessment process you experience will depend on the level of certification you’re aiming for.


Cyber Essentials

Cost: £300 plus VAT

Achieving the baseline Cyber Essentials accreditation is a relatively straightforward process. After the initial purchase, you’ll be given access to an online portal through which you complete a self-assessment questionnaire. Once completed, this questionnaire is independently reviewed by the certification body. From the initial purchase, you’ll have 3 months to submit your completed questionnaire. It is best to pass the assessment first time: if any changes are required, you’ll have only 3 days to make them and resubmit, and a subsequent failure will require you to start a new application.


Cyber Essentials Plus

Cost: £1999-£2199 plus VAT

Cyber Essentials Plus involves implementing the same security controls required to achieve Cyber Essentials, only this time you’ll be required to undergo an on-site technical assessment by a qualified assessor. This accreditation requires completion of the Cyber Essentials self-assessment within the previous three months. The technical audit does nothing more than ensure that the answers you’ve given to the self-assessment are accurate, and that appropriate technical controls are in place. If you fail the audit, you’ll have thirty days to make changes to satisfy the assessor; failing a second time will require you to restart the process – a potentially costly situation.

Because of the substantial costs involved, it may be wise to seek a consultant to help you through the process of achieving Cyber Essentials Plus.


The 5 key technical controls

There are 5 non-negotiable technical elements to achieving Cyber Essentials accreditation, known as the ‘5 controls.’ Failing to implement the 5 controls will result in assessment failure, so it’s wise to familiarise yourself with them before beginning the process.

They include…

  1. Firewalls
  2. Secure configuration
  3. Access controls
  4. Anti-Malware safeguards
  5. Proper maintenance

In this short blog series, we shall examine each of these 5 controls in greater depth and explore ways to implement them so that you can approach the Cyber Essentials accreditation process with confidence.


We’re YorCyberSec

We save companies time, money, and valuable resources, making sure more than just an internet search is performed before an investment is made. We take the time to understand the business and its requirements, then look at the market and provide options that are fit for purpose and pre-scoped.

Call Us Today: 0113 3720200 or send us an email: enquiries@YorCyberSec.co.uk