The Government-backed Cyber Essentials scheme helps organisations implement best practice measures that protect them against cyber security threats. There are two levels: Cyber Essentials and Cyber Essentials Plus. What’s the difference between the two, and which one is most appropriate for your organisation?
Since it was launched in 2014, the Cyber Essentials scheme has helped thousands of UK organisations enhance their cyber security. In this blog, we’ll take you through what the Cyber Essentials scheme is, what the benefits of getting the Cyber Essentials certification are for your organisation, and – importantly – what the difference is between the two levels: Cyber Essentials and Cyber Essentials Plus.
A Brief History of Cyber Essentials
Back in 2014, the world was far less cyber aware than it is today. WannaCry hadn’t yet turned everyone’s attention to the massive damage that cyber-attacks could cause, and many organisations were – let’s put this politely – less cyber mature than they should have been.
Recognising the threat cybercrime posed to UK organisations and the economy as a whole, the UK Government worked with the Information Assurance for Small and Medium Enterprises (IASME) consortium and the Information Security Forum (ISF) to create the Cyber Essentials scheme.
Cyber Essentials is designed to apply to organisations of all sizes, regardless of sector, and includes a number of fundamental technical controls that help organisations protect themselves against common cyber security threats.
Why Should You Become Cyber Essentials Certified?
You’ve probably noticed more and more organisations include the Cyber Essentials or Cyber Essentials Plus logos on their websites and marketing materials. Why? Here are some of the reasons organisations should get Cyber Essentials:
- Gain an understanding of your level of cyber maturity. Cyber Essentials helps you see where your cyber provisions are strong – and where they need improving.
- Reassure clients that you are working to cyber security best practices. As part of their supply chain due diligence, your clients may well ask if you are Cyber Essentials certified.
- Attract new business by demonstrating your cyber preparedness. When competing for business, being Cyber Essentials certified may put you in a better position against a competitor that isn’t.
- Win Government contracts. Some Government contracts require any organisation that wishes to bid for them to have Cyber Essentials certification.
Cyber Essentials vs Cyber Essentials Plus: What’s the Difference?
So, what’s the difference between the two levels? Cyber Essentials is the ‘basic’ level which is self-assessed and independently verified. Cyber Essentials is a questionnaire with 70 questions across eight sections. Your organisation can complete the questionnaire itself, but it must be approved by a board-level representative, business owner or equivalent.
If you need support completing the Cyber Essentials questionnaire, Six Degrees offers consultancy and testing services to take your organisation through the Cyber Essentials self-assessment.
Cyber Essentials Plus includes all of the elements of Cyber Essentials, and adds an independent technical audit of your infrastructure to confirm that the controls stated in the Cyber Essentials self-assessment are indeed in place.
Cyber Essentials Plus provides greater peace of mind that cyber security controls are being followed correctly: for your organisation, its existing clients, and any new ones you may wish to engage with.
Six Degrees can test your secure configuration in order to attain Cyber Essentials Plus. Learn more about our Cyber Essentials Plus services.
Get Your Organisation Cyber Essentials Certified Today
There’s never been a better time to attain or retain Cyber Essentials or Cyber Essentials Plus. According to the UK Government, around 80% of cyber-attacks could be prevented if organisations put simple cyber security controls in place. Cyber Essentials and Cyber Essentials Plus help you understand and guard against the common forms of cyber-attacks that you are routinely exposed to.
Six Degrees offers consultancy and testing services to take your organisation through the Cyber Essentials self-assessment and test your secure configuration in order to attain Cyber Essentials Plus. Check them out here, and schedule a call with one of our experts if you’d like to learn more.