This website uses cookies. View our cookie policy
Select regional store:

Cyber Essentials—the cybersecurity starting point for all small and medium businesses

All organizations with an Internet presence are at equal risk from automated cyber attacks, but not all organizations have equal resources to deal with them. Although smaller businesses face the same threats as their larger counterparts, many lack the security posture and incident response plans necessary to defend against, and react to, attack. This actually ends up costing them more!

  • PwC’s 2015 Information Security Breaches Survey found that 74% of smaller organizations have suffered a security breach, up from 60% in 2014.

Every SME wants to prevent the expense, disruption and reputational damage that a cyber attack will cause, but many are daunted by the prospect of implementing enterprise-wide cybersecurity controls.

Smaller businesses need not put themselves at risk, though: addressing the majority of cybersecurity threats is actually relatively straightforward, even if your organization lacks technical expertise.

Most data breaches are caused by companies failing to implement basic security measures. The Cyber Essentials scheme sets out the means of doing this.


The business benefits of implementing Cyber Essentials

The Cyber Essentials scheme provides five security controls, which, according to the UK government, could prevent “around 80% of cyber attacks.”

Whether or not you achieve certification to the scheme, these controls provide the basic level of protection that you need to implement in your organization to protect it from the vast majority of cyber attacks, allowing you to focus instead on your core business objectives.

Properly implemented cybersecurity has the additional advantage of driving business efficiency throughout the organization, saving money and improving productivity.


Implement these five Cyber Essentials controls to help your business stay secure:

  1. Secure configuration

    By ensuring your computers and network devices are configured properly, you can identify systems or databases that you no longer need or use. You will have the opportunity to reduce your overall storage and bandwidth consumption, as well as reducing the level of inherent security vulnerabilities. Click for more information >>

  2. Boundary firewalls and Internet gateways

    Using boundary firewalls to monitor traffic to your server(s) enables you to better understand and manage your bandwidth requirements, potentially allowing you to renegotiate your hosting costs as well as blocking attackers and external threats. Click for more information >>

  3. Access control and administrative privilege management

    Managing access control and administrative privileges erodes the opportunity for staff to install time-wasting software on to their computers, as well as removing the insider threat. Click for more information >>

  4. Patch management

    Keeping on top of software patching and licensing makes your company more productive as well as more secure. Patches often improve the performance of the products they apply to and remove issues that slow down employees, such as crashes and poor performance caused by congested networks. Click for more information >>

  5. Malware protection

    Implementing appropriate malware protection has its obvious security advantages, but an often overlooked benefit of it is the time and cost savings that result from avoiding devices being out of action. Click for more information >>


The benefits of Cyber Essentials certification

A Cyber Essentials or Cyber Essentials Plus badge will enhance your business’s reputation and open up new commercial opportunities by proving to your customers that you take the security of their information seriously and are taking the necessary steps to reduce cyber risks.

If you supply larger organizations that want to manage their third-party risks, the independent verification of your security posture provided by certification demonstrates that you won’t put the supply chain at risk.

If you want to apply for UK government contracts, you’ll need Cyber Essentials certification. The UK government requires “suppliers of most contracts and services to hold a Cyber Essentials certificate.”


Cyber Essentials implementation

Whatever your organization’s cybersecurity budget or level of technical expertise, implementing the scheme’s five controls is well within your reach.

As former-Digital Economy Minister Ed Vaizey said in November 2015: “I’d like to see all businesses operating online adopt Cyber Essentials. Cyber Essentials isn’t just for the large prime firms—it also helps them to manage their third-party risks, which is why we have made the scheme suitable for smaller businesses, including those who are part of larger supply chains.”

IT Governance’s fixed-price Cyber Essentials implementation packages have been put together to suit every budget and preferred project approach.

Find out more >>