Cyber Essentials, the UK Government-backed initiative, provides guidance to businesses on how they can protect themselves from cyber threats.
In 2017, the UK’s National Cyber Security Centre (NCSC) and National Crime Agency (NCA) produced a report which stated that cyber threat to businesses was growing and significant.
How Does Cyber Essentials Work?
“Cyber Essentials has two main functions: to help businesses put the right measures in place for their own protection; and, crucially, providing the certification to verify this to others,” Lee explains.
“In other words, it enables businesses of all sizes to demonstrate a commitment to cyber security, once they have set up their own Cyber Essentials controls,” continues Lee. “This is in the form of independently verified self-certification.”
“In a competitive marketplace, it may not be enough to feel that you are secure from cyber threats, even if you have full confidence in your systems. What you must be able to do is demonstrate this, with the documentation to back it up”
What Lee emphasises is that before businesses jump to thinking of this as another administrative burden imposed on them, they should consider its marketability.
“You want your customers and clients to have complete faith in you,” says Lee. “Whether it’s consumers or other businesses, trust is vital in growing your business.”
“What Cyber Essentials provides is an assurance scheme, so your customers know you’re on the ball when it comes to protecting their data.”
Risks and Consequences
Cyber Essentials lays out standards for security and controls to protect businesses from cyber threat.
“It’s about backing up your credentials with tough, practical, effective measures. Cyber Essentials is not just window-dressing, it’s here for a reason,” Lee points out.
“Along with the direct damage from data loss, which can force businesses to rethink how they operate, there is reputational damage to consider”
“This can have far-reaching consequences that are ultimately more serious than the direct damage to your business,” Lee cautions. “If customers think your cyber security is compromised they will go elsewhere. Likewise, if you are part of a supply chain, this could well lose you that position.”
Lee also notes that cyber-crime can affect a business’s insurance status.
“You could find yourself penalised if you don’t have the correct Cyber Essentials certification,” warns Lee. “On a positive note, some insurers offer benefits to early adopters.”
While Cyber Essentials is mandatory for government suppliers and local government contractors, Lee stresses that for many businesses it should mean more than compliance.
“Cyber Essentials protects your profits and your reputation while safeguarding commercially sensitive data, and it shows your commitment to security”
“This can help to differentiate you from competitors who don’t have accreditation,” Lee advises.
“It’s something that you can demonstrate to customers, clients, suppliers and partners,” concludes Lee. “It’s about reinforcing that critical element of trust in all your business relationships.”
For a complementary read, please Everything Tech’s blog, 5 Ways the Cyber Essentials Scheme could improve your business’ marketability.