Felicity Oswald OBE, CEO of the National Cyber Security Centre. " Cyber Essentials certification is a major step in making organisations more resilient, evidenced by the remarkable statistic that those that certify are 92% less likely to make a cyber insurance claim. "
Cyber Essentials is a UK government-backed and industry-supported cybersecurity certification scheme.
It aims to help organisations protect themselves from common online threats by implementing a baseline of security controls.
Key Points:
Purpose: The main goal of Cyber Essentials is to protect businesses from common internet-based cyber-attacks. These attacks often target vulnerabilities in software and systems that haven't been updated or properly configured.
Five Technical Controls:Â The scheme focuses on five key technical controls:
Firewalls:Â Protecting your internet connection.
Secure Configuration:Â Ensuring software and hardware are set up correctly.
User Access Control:Â Managing user accounts and access privileges.
Patch Management:Â Keeping software up-to-date with the latest security patches.
Malware Protection:Â Defending against viruses and other malicious software.
Two Certification Levels:
Cyber Essentials:Â Self-assessment questionnaire completed by the organization.
Cyber Essentials Plus:Â More rigorous assessment involving external vulnerability scans and internal infrastructure checks conducted by an approved assessor.
Benefits:
Reduced Risk:Â Â Implementing Cyber Essentials controls significantly reduces the risk of falling victim to common cyberattacks.
Credibility: Demonstrates to customers, partners, and suppliers a commitment to cybersecurity.
Insurance Benefits:Â Some insurers offer reduced premiums for businesses with Cyber Essentials certification.
Government Contracts:Â Â Often a mandatory requirement for bidding on certain government contracts.
Who is it for?
Cyber Essentials is suitable for organisations of all sizes and sectors. It's particularly beneficial for small and medium-sized enterprises (SMEs) that might not have the resources for complex cybersecurity measures.
The history of Cyber Essentials starts in 2014
Inception and Launch (2014):
Motivation: Born out of a growing concern for cyber threats targeting UK businesses, especially small and medium enterprises (SMEs).
Collaboration: Developed in partnership with industry experts like the Information Security Forum (ISF), Information Assurance for SMEs Consortium (IASME), and the British Standards Institution (BSI).
Government Backing:  Launched in June 2014 by the UK government, specifically the Department for Business, Innovation and Skills (now the Department for Business and Trade).
Immediate Adoption:Â Quickly gained traction with several organizations certified by the end of the month.
Government Mandate (2014):
Mandatory Certification: Starting in October 2014, Cyber Essentials certification became a requirement for suppliers to the central UK government handling specific types of sensitive and personal information.
Driving Adoption: This move incentivized widespread adoption across the business landscape, particularly for those aiming to win government contracts.
Cyber Essentials Plus (Introduction):
Enhanced Assurance: A higher level of certification, Cyber Essentials Plus, was introduced to provide more rigorous testing.
Independent Verification:Â This scheme includes an on-site technical verification of an organization's security controls.
Evolution and Growth:
Over 53,000 Certifications: The scheme has seen remarkable success, with over 53,000 certificates awarded to date.
Recognition:Â Increasingly recognised by insurers and businesses as a mark of basic cybersecurity hygiene.
Updates (2022):Â Â The technical requirements and question sets were updated in January 2022 to keep pace with evolving cyber threats.
And Now OCM Communications Limited are a Cyber Essentials Certification Body!
On behalf of our clients OCM has taken the next step.
Not only can we help businesses achieve the standards of Cyber Essentials and Cyber Essentials Plus but now we are a licensed Cyber Essentials Certification Body and can award certification to our clients who meet the standard.
To get started with Cyber Essentials, simply choose one of our packages, We will then guide you through every step of the way to ensure you pass Cyber Essentials first time - including providing any new policies or training needed for your team.
Alternatively you can book a no obligation, free consultation by clicking the button below :-
Comments