One of the questions we find ourselves asked most frequently by new clients is whether they need to invest in Cyber Essentials certification. For some companies, this accreditation is essential – they will be unable to carry out their work without it – but for others, the answer isn’t as straightforward. Either way, all companies should be taking the issue of cyber security seriously, as cybercrimes cost UK businesses over £2 billion in 2021.
Which businesses are Cyber Essentials mandatory for?
Cyber Essentials certification is mandatory for businesses that are bidding on certain government, NHS and all Ministry of Defence contracts. It demonstrates your organisation’s commitment to cyber security and that you are safely handling sensitive data. If you intend to bid for any such contracts certification to Cyber Essentials should be considered a priority.
The Ministry of Defence announced in 2016 that all suppliers to the MOD are required to comply with the Cyber Essentials scheme. The MOD stated that, “the requirement must be flowed down the supply chain.” So while organisations who work directly with the MOD must be Cyber Essentials certified, other organisations in the supply chain should be too.
It should be noted that Cyber Essentials certification will always be looked favourably upon by organisations that manage personal data, even if it is not a mandatory requirement.
Can other businesses benefit from Cyber Essentials?
Cyber security risks affect businesses of all shapes and sizes, whether your industry is IT-based or not. In fact, the less aware you are of changing technologies, the more opportunities there could be to fall victim to a cyber attack. 40% of businesses in the UK reported a cyber security breach from 2019-2020. Cyber security breaches cost UK businesses an average of £3,320 in this period. As well as financial costs, attacks can hinder a business’s productivity, harm its reputation, and cause it to lose its competitive edge.
As a result, more companies are looking for evidence that other organisations are taking these threats seriously before they enter into business with them.
Some of the main reasons that our customers choose Cyber Essentials include:
- to generally improve their cyber security
- because they want to show investors that they take cyber security seriously
- because they want to show clients/customers that they take the protection of their data seriously.
Securing your business with Cyber Essentials
The Cyber Essentials framework assesses your systems in five key areas:
- Boundary firewalls and internet gateways
- Access control
- Patch management
- Secure configuration
- Malware protection
Forensic Control offers a comprehensive and affordable service to help you attain your Cyber Essentials certification. A recent survey uncovered that 68% of small and micro businesses have no formal policies for ensuring cyber security and a worrying 26% have no cyber security measures at all. We can help your enterprise achieve a strong foundation of cyber security wherever you are starting from.