Cyber Essentials is providing cybersecurity protection to organisations of all sizes, and offering peace of mind against the potential reputational, financial and legal consequences of a cyber-attack.

Marking ten years since its release, a government survey has found that 82 percent of those surveyed were confident that the technical controls in the standard provide protection against common cyber threats, while two-thirds (64 percent) said that being certified through the scheme better enables their organisation to identify where they experience a common, unsophisticated cyber-attack.   

Also, 85 percent of Cyber Essentials accredited users believe that the scheme has directly improved their understanding of cybersecurity risks, while 88 percent believe that the scheme has directly improved their understanding of the steps they can take to reduce those risks.

Strengthen Understanding

Asked if the scheme has directly strengthened their senior management’s understanding of the risks posed by cyber-attacks, 86 percent agreed, while 71 percent agreed that the scheme has directly strengthened how seriously their organisation takes cybersecurity. 

In a speech to the House of Lords, Feryal Clark MP, cybersecurity minister at the Department for Science, Innovation and Technology said she has always believed Cyber Essentials helps drive better cybersecurity across the economy, and the research can prove that it does.

“Recent insurance data shows us that organisations with Cyber Essentials are 92 percent less likely to make a claim on their insurance than those without it,” Clark said. “Additionally, where organisations require their third parties to get Cyber Essentials, we know they experience fewer third party cyber incidents.”

Prepared and Confident

William Wright, CEO of Closed Door Security, said the evaluation clearly demonstrates that Cyber Essentials offers significant security benefits to organisations, as accredited businesses are clearly more cyber-aware, feel more prepared to handle routine cyber-attacks and feel confident with the controls they have in place.

“It’s also evident organisations feel more confident entering into partnerships with suppliers that are Cyber Essentials accredited, which shows how the certification is also being used to support third party resilience,” he said.

“However, the study could raise some red flags, particularly with the data saying that 53 percent of respondents revealed that Cyber Essentials is the only form of external assurance they have for their cybersecurity. If these organisations are only accredited with the basic version of the certification, this will not be enough to protect their systems against many of the attacks we are seeing today.“

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.