Cyber Essentials, what are they? – Part I

Cyber security is recognised as one of the greatest threats to business around the world. The World Economic Forum’s 2016 Global Risk Report estimated that the cost of crime in cyberspace is more than £350 billion annually.

The 2016 Government Cyber Health Check and Cyber Security Breaches Survey found that 65% of large organisations reported that they had suffered an information security breach in the past year, and 25% of these experienced a breach at least once a month. The average cost of a breach was £36,500 for large firms and £3,100 for small firms. It was noted that almost seven out of ten attacks involved viruses, spyware or malware that might have been prevented using the Government’s Cyber Essentials scheme.

In November 2016, the UK government launched a new National Cyber Security Strategy designed to bolster the UK’s cyber security. It sets out action to protect the UK economy and to encourage industry to improve its own prevention measures.

The government-supported Cyber Aware campaign and Cyber Essentials scheme are important elements in supporting businesses in implementing basic controls to mitigate the risk from common internet-based threats.

So, what is Cyber Essentials?

The Government and industry developed the Cyber Essentials scheme to provide a sound foundation of basic hygiene measures that a business should implement to provide basic protection from the most prevalent threats from the internet. Cyber Essentials can protect your business against infection through users clicking on malicious e-mail attachments or website links (phishing), and from the exploitation of known vulnerabilities in internet-connected servers and devices (hacking).

In addition, the scheme provides an Assurance Framework to demonstrate to customers, investors, insurers, and others that the required basic measures have been adopted.

The Assurance Framework provides for two levels of certification that give your clients comfort that you have implemented basic cyber security controls. Firstly, Cyber Essentials certification is based on a self-assessment questionnaire, verified by an independent Certification Body which evaluates whether the required standard has been adopted. Secondly, Cyber Essentials Plus provides additional assurance by independently testing that the measures are in place.

Cyber Essentials is a mandatory requirement for all suppliers of central government contracts which involve handling personal information and providing certain IT services. Many businesses have now adopted Cyber Essentials and expect their supply chains to do so.


For more information on Cyber Essentials please contact Gareth Burton or Peter Ennis at or telephone 020 7112 8300.