According to the Cyber Security Breaches Survey 2017, nearly half of all UK firms have suffered a cyber breach or attack in the past 12 months. The average cost to a large business is roughly £20,000, but the reality is that the financial implications of the breach itself, as well as the knock-on impact of customer loss and reputational damage, could be thousands or it could be millions. Cyber Essentials is designed to try to turn this around by helping organisations to protect themselves from potential cyber attack – for IT providers in particular it could soon become a must-have.
What is Cyber Essentials?
It’s a certification scheme that sets out best practices for cyber security. When these key baselines are correctly followed, it is estimated that 80% of cyber attacks can be prevented. Becoming CE certified not only helps to ensure a business is protected against cyber attack but can also help businesses to address other compliance requirements, such as the EU General Data Protection Regulation. Cyber Essentials is based on five key controls:
- Access controls and administrative privilege management
- Malware protection
- Boundary firewalls and internet gateways
- Patch management
- Secure configuration
There are two levels of certification – the basic Cyber Essentials badge, as well as Cyber Essentials Plus, which also includes an additional internet scan and on-site assessment.
A required certification?
The government already requires all of its partners and suppliers who are handling sensitive data to be Cyber Essentials certified and is pushing for businesses all over the UK to do the same. As one in three small firms and 65% of large firms have experienced a cyber attack – with roughly a quarter attacked once a month – the need for baseline levels of protection is clear. In some industries, such as IT, this kind of trust mark is likely to become a crucial differentiator for providers who are keen to be seen as taking the cyber security of their own businesses – as well as their clients’ – seriously.
Why opt for Cyber Essentials certification?
There are some very good reasons why going through the process of obtaining Cyber Essentials certification is a positive move for businesses:
- For government suppliers and for all public service contracts, it is now mandatory
- It demonstrates a commitment to business and data security to IT provider clients
- It may become necessary in order to work with certain suppliers or buyers
- Cyber Essentials provides easily actionable steps to help protect commercially sensitive data from attack
- It may offer a competitive advantage, as compared to those businesses that don’t have the certification
- The Cyber Essentials tools can help to protect business reputation against the negative implications of client and customer data being compromised – and the ongoing security concerns that may create
- It provides a reliable way to secure business financial data that could make operations vulnerable if stolen or attacked
- Once your business is CE certified, as an IT provider, you can then train your clients to get certified too
Marathon is already a Cyber Essentials certified business. If you’d like our help in ensuring your business also passes the cyber test then please get in touch by calling us on 020 8329 1000 today.