Cyber Essentials (CE) is a Government-backed initiative designed to protect small and medium-sized businesses from the threat of cyber-attacks and online data breaches. Cyber Essentials certified companies can display a badge on their website and sales literature to reassure clients and suppliers they have the correct processes in place to protect their business against common internet-based cyber-attacks.
Cyber Essentials comes in two flavours:
- Cyber Essentials - an independently verified self-assessment. Organisations assess themselves against five basic security controls and a qualified assessor verifies the information provided.
- Cyber Essentials PLUS - a higher level of assurance. A qualified and independent assessor examines the same five controls, testing that they work in practice by simulating basic hacking and phishing attacks.
Why you need Cyber Essentials
Cybercrime is a growth industry. A report carried out by The Federation of Small Businesses states that two-thirds (66%) of small businesses fell victim to cyber-crime between 2014 and 2016. The same report estimates SMEs were attacked four times each on average, costing small business owners. A BBC report in 2016 highlighted the changing trends in crime as cases of online fraud rose, while traditional crimes such as burglary and vehicle theft fell substantially.
Protect your business against common cyber attacks
Companies have an obligation to protect personal and sensitive data. Existing regulations such as PCI DSS compliance, for businesses that manage payment card transactions, and the Data Protection Act 1998 (DPA 1998), for firms handling personal information of any type, are already in place. Organisations will soon have to comply with GDPR, a replacement for the DPA 1998. Cyber Essentials helps you to meet your data protection obligations.
Increase your competitive advantage
Cyber Essentials certification gives your organisation a significant edge over non-CE certified competitors. Information management is a big deal, and it's important to reassure customers your organisation has the controls, procedures and processes in place to protect their personal data. Adding ‘secure’ to your brand proposition increases trust among peer groups and stakeholders alike.
Help to avoid large fines
The Information Commissioner’s Office (ICO) enforces data policy legislation in the UK and awards large fines to companies that experience significant data breaches. Once GDPR rules come into effect in May 2018, fines are expected to soar, with a maximum penalty of €20 million or 4% of global annual turnover for the preceding financial year - whichever is greater.
CE certified businesses can bid for Government contracts
Public sector contracts can be a lucrative source of income for small and medium-sized businesses, helping secure long-term jobs for many communities. Since October 2014, businesses handling personal information must be Cyber Essentials certified to bid for public sector contracts.