
Why certify to Cyber Essentials?
- A Government-backed certification, introduced following the Government's concern that organisations were not putting the basic technical controls in place to protect themselves against the most common internet-based attacks.
- Scheme is referenced in the National Cyber Security Strategy 2016-2021:
  The Cyber Essentials scheme was developed to show organisations how to protect themselves against low-level “commodity threat”. It lists five technical controls (access control; boundary firewalls and Internet gateways; malware protection; patch management and secure configuration) that organisations should have in place. The vast majority of cyber attacks use relatively simple methods which exploit basic vulnerabilities in software and computer systems. There are tools and techniques openly available on the Internet which enable even low-skill actors to exploit these vulnerabilities. Properly implementing the Cyber Essentials scheme will protect against the vast majority of common internet threats.
- A simple yet effective scheme that will help protect an organisation against some of the most common cyber threats, such as:
  - Phishing attacks
  - Malware
  - Ransomware
  - Password guessing
  - Network attacks
- A flexible certification that is applicable to organisations of all sizes and all sectors.
- Reassures your current and potential clients that you take cyber security seriously.
- Mandated, or actively encouraged, across an increasing number of government and private sector contracts. For MoD contracts, it is required throughout the supply chain.
- Information Commissioner’s Office recognises the Cyber Essentials scheme and its ability to provide certain security assurances and help protect personal data in an organisation’s IT system. ‘Get in line with Cyber Essentials’ is a section in the ICO’s ‘A practical guide to IT security’ publication.
- Encouraged by regulators such as the Financial Conduct Authority, ‘Gaining (a certification), such as Cyber Essentials, could improve the security of your firm.’
- Cyber Liability insurance included for organisations under £20m, achieving verified self-assessed certification covering the whole of their organisation.
Why re-certify on an annual basis?
- Once you have certified, it should be much easier to recertify unless you have had major infrastructure changes or your software has gone out of support.
- An up-to-date certificate reassures your current and potential clients that you take cyber security seriously.
- You will only be listed as Cyber Essentials certified on the government website for one year from the date of your certification unless you renew.
- A requirement in the majority of government tenders and an increasing number of non-government tenders. These tenders often specify that the certificate must have been awarded within the last year.
- Having a Cyber Essentials certificate issued within the last year will be taken into account by the ICO in the case of a data breach.
- The Cyber Insurance which is awarded to all UK SMEs when they achieve Cyber Essentials only lasts for a year and cannot be renewed unless the organisation recertifies to Cyber Essentials.