What is Cyber Essentials?
Cyber Essentials is a government-backed cyber security certification scheme that sets out a good baseline of cyber security suitable for all organisations in all sectors. The scheme addresses five key controls that, when implemented correctly, can prevent around 80% of cyber attacks.
Why do you need Cyber Essentials?
With Cyber Essentials you can focus on your core business objectives, knowing that you’re protected from the vast majority of common cyber attacks. You will also be able to drive business efficiency, save money and improve productivity by streamlining processes.
Achieving certification will also help you to address other compliance requirements such as the EU General Data Protection Regulation.
Demonstrate to clients, insurers, investors and other interested parties that you have taken the precautions necessary to reduce cyber risks.
Be able to bid for UK Government contracts that involve the handling of personal and sensitive information, and increase your chances of securing business within the private sector.
Insurance agencies look favourably on organisations with Cyber Essentials, resulting in lower insurance premiums.
The two levels of certification
There are two levels of Cyber Essentials certification available to your organisation: Cyber Essentials and Cyber Essentials Plus.
The Cyber Essentials certification process includes a self-assessment questionnaire (SAQ) and an external vulnerability scan.
Cyber Essentials Plus
Cyber Essentials Plus certification includes all of the assessments for the Cyber Essentials certification, plus an additional internal scan and an on-site assessment.
The five key controls
How to get certified
We have developed three fixed-price packaged solutions (Do It Yourself, Get A Little Help, and Get A Lot Of Help) to support certification to either Cyber Essentials or Cyber Essentials Plus at a pace and for a budget that suits you.
Why choose IT Governance for Cyber Essentials certification?
IT Governance is the leading CREST-accredited certification body, and has awarded hundreds of certifications, with many more companies achieving certification every day. Cyber Essentials clients include companies such as Vodafone, Airbus Defence and Space Ltd, Action for Children, and ELEXON.
You can conduct the entire certification process online, without any expert cyber security knowledge, with our CyberComply portal.
We provide all of the tools and resources needed to achieve CREST-accredited certification at both levels of the Cyber Essentials scheme.
We deliver all of the technical tests and assessments, conducted by our experienced, CREST-accredited testers.
By choosing a CREST-accredited certification body like IT Governance, you will benefit from the added level of independent verification of your cyber security status provided by an external vulnerability scan. Non-CREST-accredited certification bodies issue certificates purely on the submission of a self-assessment questionnaire, without assessing the status of the client’s networks and applications.
Completely new to Cyber Essentials?
Begin your journey towards certification today – use our very own pocket guide to give you a basic understanding of the Cyber Essentials scheme. Buy your pocket guide today.
Background of the Cyber Essentials scheme
The Cyber Essentials scheme is a key deliverable of the UK’s National Cyber Security Programme. Realising that the controls in its 2012 guide, 10 Steps to Cyber Security, were not being implemented effectively, the government instigated a call for evidence on a preferred cyber security standard. In November 2013, it concluded that no individual standard met its specific requirements, so it developed the Cyber Essentials scheme.
Cyber Essentials delivers the basic controls that all organisations should implement to mitigate the risk from common Internet-based threats.
The scheme provides a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken essential precautions to secure against the majority of cyber risks.
A recent government report, "UK cyber security: the role of insurance in managing and mitigating the risk", revealed plans to include Cyber Essentials certification in insurers’ risk assessments for SMEs.
Cyber Essentials enables companies to successfully tender for government contracts.
The scheme is backed by major industry players including BAE Systems, Lockheed Martin, Barclays and Hewlett-Packard. The Information Commissioner has stated that he “supports the Cyber Essentials Scheme and encourages all businesses to be assessed against it”.
The Cyber Essentials scheme is increasingly popular within the private sector; more than 1,200 organisations have adopted the scheme to date. Insurance firms have recognised that Cyber Essentials certification is a valuable indicator of a mature approach to cyber security and, according to a government report, Cyber Essentials certification can also contribute to the reduction of risk.