What is Cyber Essentials?

Cyber Essentials is a UK Government certification that allows businesses to demonstrate to their customers, suppliers, investors and insurers that they have implemented essential security controls to manage their cyber risk. It can reduce your risk of attack by up to 80%.

 

The National Cyber Security Centre (part of GCHQ) backed the creation of Cyber Essentials in 2014 in a bid to prevent companies becoming vulnerable to cyber-attacks.

 

In 2017, 47% of all UK companies experienced a breach of some kind. However, many companies do not have the time or resources to develop their own cyber security systems. The UK government-backed Cyber Essentials scheme is therefore designed to cater for a broad range of businesses, and will ensure that any company that achieves the certification will be protected against a range of the most common cyber-attacks.

 

The assessment can be implemented in a number of different ways, from very minimal support (the only external involvement being the assessment's external vulnerability scan) to a very comprehensive, fully managed service.

 

What is the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials Plus offers clients a more comprehensive assessment in comparison to Cyber Essentials, which is an entry-level, non-verified certification.

 

Unlike the Cyber Essentials certification, which is a self-assessment, the Plus certification is carried out by an external auditor and includes an on-site assessment and internal vulnerability scans. It is heavily focused on 5 key technical controls, giving clients a more complete assessment and ensuring the company is safer in cyberspace.

 

Cyber Essentials Plus includes a vulnerability assessment and on-site validation of the cyber hygiene measures put in place by the business, which provides a greater level of credibility to stakeholders such as customers and suppliers. Cyber Essentials Plus is also increasingly being required when working with Local and Central Government or the MOD, and when working as part of a supply chain.

 

The basic Cyber Essentials certificate costs £300, whereas the Cyber Essentials Plus package, which includes the basic Cyber Essentials certification as well as an external vulnerability scan, a documentation toolkit, on-site consultancy for a day and an internal vulnerability scan, costs from £2,500 (the cost varies depending on the size and complexity of the company).

 

So, why choose Cyber Essentials Plus?

Cyber Essentials Plus is a great option as it offers clients a more comprehensive assessment and ensures that a business is safer when it comes to its online presence.

 

Cyber Essentials, while a great start to ensuring safety in your company, is a self-assessment, whereas Cyber Essentials Plus is done by an external auditor. Self-assessment is fine for a company, and if you have a dedicated IT team then this would be the more cost-effective option for you. However, if you do not have someone on your team who has technical expertise or knowledge, then having an external auditor is ideal: they will have the experience, giving you less hassle and the peace of mind that the assessment is being conducted by someone who knows what they are doing and what to look for.

 

Conclusion?

Overall, the choice between the basic Cyber Essentials and the more comprehensive Cyber Essentials Plus certification comes down to individual business need. However, being able to demonstrate that you have put steps in place to address cyber threats should be a priority for any company, particularly in view of the recently introduced General Data Protection Regulation (GDPR).

 

When introducing the Cyber Essentials scheme, the UK government stated that all companies bidding for government contracts must be compliant with the Cyber Essentials controls; the best way of ensuring this is to go through the process of gaining the certificate. Therefore, Cyber Essentials has become almost necessary for companies to operate within the UK.

 

In a cyber world where the risk of criminal activity is intensifying, prompting regulators and lawmakers to come down a lot harder on those who are not doing all that they can to protect their own data and their clients' data, Cyber Essentials is a good first step in protecting against fines and reputational damage. Cyber Essentials Plus is therefore an even more positive move towards a safe and secure company in the cyber world, due to its more extensive assessments.

 

At Capital Network Solutions, we can help you on your journey to minimise security risks and comply with GDPR. As one of the largest Certification Bodies in the UK, having certified over 1800 UK companies, we can work with you to gain Cyber Essentials and Cyber Essentials Plus. We can also offer a wide range of cyber security services such as anti-phishing campaigns, cyber awareness training, cyber forensics and incident response.

To find out more about Cyber Essentials packages, contact our cyber security team on: 0345 3054118.

19 Mar Cyber Essentials

Copyright @2017 Capital Network Solutions