The five business benefits of Cyber Essentials

In 2014 the UK Government introduced the Cyber Essentials scheme to help organisations secure themselves against the ever-increasing number of cyber threats they face. Cyber Essentials is overseen by the National Cyber Security Centre (www.ncsc.gov.uk), with IASME (www.iasme.co.uk) managing the scheme. The scheme has been a runaway success and in 2020 alone over 18,000 organisations successfully acquired Cyber Essentials.

In this article, Kevin Crichton, the Managing Director of Bergerode Consulting (https://bergerode.consulting), the leading Cyber Essentials certification body in NW England and a Trusted Partner to the Greater Manchester Cyber Resiliency Centre, outlines the five business advantages that Cyber Essentials delivers to its holders.

Competitive Advantage

Reading about companies suffering data breaches is almost a daily occurrence. In response, customers (both personal and corporate) are becoming increasingly security savvy, favouring those companies which take proactive steps to secure their data and that of their customers. Cyber Essentials gives you a competitive advantage over your rivals by demonstrating that your organisation takes cyber security seriously. It delivers independent assurance that your organisation is compliant with five cyber security controls (listed below) which protect against cyber-attacks:

Secure Networking – is your network secure so that hackers are kept out? Secure Configuration – are your devices and software secured so that hackers cannot access them? Access Control – do you manage staff access to your data on a "need to know" basis? Malware Protection – are your devices are kept secure from viruses and ransomware? Patch Management – are your devices and software up-to-date with the latest security patches?

Better Risk Management

Not only does Cyber Essentials provide assurance to customers that your organisation takes cyber security seriously, it also provides you with crucial insight into the security posture of your organisation.

By reviewing the Cyber Essentials security controls, you will understand your strengths, but more importantly, you will understand where improvement may be necessary. This awareness will allow you to better appreciate the risks you face, and consequently address these risks much more effectively.

Cyber security risks come in many forms but knowing where and how you may be vulnerable will give you a head start in taking effective steps to prevent their occurrence.

More Contract Opportunities

Cyber Essentials is mandatory for contracts with the NHS, UK Government, and the Ministry of Defence, so possessing Cyber Essentials immediately puts you in a favourable position to take advantage of a wider range of opportunities. Cyber Essentials is also becoming increasingly popular within the private sector.

Many companies in the UK defence sector now require their suppliers to hold Cyber Essentials as a matter of course. Many companies, particularly in finance and insurance, now expect their suppliers to hold Cyber Essentials, especially if they handle customer data. As with ISO9001 (Quality Management) and ISO27001 (Information Security), Cyber Essentials is fast becoming a de facto standard that companies look for when choosing suppliers, so Cyber Essentials will help your organisation satisfy due diligence checks when bidding for contracts and tenders.

Protect Your Business Secrets

Cyber attacks such as data breaches and ransomware can often leave businesses in a precarious financial position. Yet there is also another, sometimes less obvious reason for cyber attacks. Many organisations are not targeted for money, but for their Intellectual Property and other business secrets, such as confidential contracts, bids for tender, and anything else that gives an organisation a competitive edge.

Whilst you may not consider your organisation to be a target, it might be engaged as a supplier to a bigger organisation, or be working on a prestigious project that cyber criminals may want to gain access to and they might seek to use your organisation and its confidential information as a stepping stone to this bigger target.

By undertaking Cyber Essentials, you will not only protect your organisation against cyber criminals looking to steal money, but also against those looking to undermine its existence by stealing its business secrets. 

Free Business Insurance

As previously earlier, businesses, especially small and medium sized ones, are a prime target for cyber criminals, often losing tens of thousands of pounds in cyber attacks. These losses often place them in a precarious financial position since they can mean the difference between the business collapsing or remaining viable.

Cyber Essentials comes with free Cyber Indemnity Insurance worth £25,000, and is available to any UK registered organisation that acquires Cyber Essentials. A core component of risk management is the ability off-set risk by taking out insurance, so the ability to acquire free Cyber Indemnity insurance is surely a benefit worth having.