We frequently talk about the perceived benefits of the Cyber Essentials scheme, but brand new figures published by the government’s Department for Science, Innovation and Technology on the 23^rd October 2024 show the actual effectiveness of the scheme to date.

Some Context…

Cyber Essentials, which was specifically set up to help organisations bolster their online defences against cybercrime, is a government and industry backed scheme, with support from the Federation of Small Businesses, the CBI and a number of insurance organisations. The scheme is a set of standard technical controls that organisations need to have in place to protect themselves against the most common online security threats.

Since the introduction of the scheme, over 190,000 Cyber Essentials certificates have been awarded to businesses, charities, schools, universities and local authorities, including 43,480 issued in the past year.

Backing for Cyber Essentials

At  the Cyber Essentials 10 year anniversary event earlier this month at the House of Lords, the Minister for AI and Digital Government, Feryal Clark, gave a speech reflecting on the success of the scheme and how it plays a crucial role in making the UK more cyber resilient. The Minister continued, ‘’We know it works, and we now need more organisations to embed the Cyber Essentials controls and grasp the economic benefits of secure digital adoption.’’

A joint statement was also given during the event by the National Cyber Security Centre, the DSIT and the UKs leading banks including Barclays UK, Lloyds Banking Group, Santander UK and TSB Bank – all emphasising the importance of cyber security across the business supply chain. They also called for more businesses to adopt the Cyber Essentials Scheme.

• Read the Minister’s speech at the Cyber Essentials 10 year event
• Read the Banks’ joint statement on the importance of Cyber Essentials

Cyber Essentials Impact Evaluation

October’s impact report, commissioned by the DSIT, was delivered by Pye Tait Consulting and gives an in-depth insight into the impact of the scheme and how effective it is in improving the cyber security of organisations.

Key Findings:

<< 85% of users reported a better understanding of cyber risks, and

<< 92% fewer insurance claims were made by organisations with Cyber Essentials controls in place.

<< Among surveyed organisations certified to ISO 27001 but not Cyber Essentials, 42% said that they only meet ‘some’ of the Cyber Essentials technical controls.

• Read the Cyber Essentials impact evaluation research

The Wider Benefits of Cyber Essentials

1. Supply Chains

Only 6% of UK businesses are assessing cyber risks in their wider supply chain…

Times have changed since guarding your own organisation alone was deemed enough. Attacks on supply chains are increasing and far reaching. The recent cyber-attack on IT provider Synnovis had a hugely damaging effect on London hospitals as many thousands of appointments and operations were cancelled.

Feryal Clark, the Minister for AI and Digital Government, continued in her speech, “We know many organisations across the economy are struggling to manage the cyber security risk presented by suppliers.  This is clearly reflected in the fact that just 6% of UK businesses are assessing cyber risks in their wider supply chain. This is simply too low and presents a concerning scenario…Against this backdrop, we firmly believe Cyber Essentials has a more important role to play.

By requiring suppliers, or other third parties, to have Cyber Essentials themselves, customers gain tangible assurance that fundamental cyber security controls are in place, and they are protected from common cyber-attacks.

Such assurance is no longer a ‘nice to have’ – it’s a necessity. Embedding Cyber Essentials requirements across supply chains will drive up the cyber maturity of our whole economy.”

2. Bidding for Government Contracts

The impact evaluation also mentions:

<< 15% of Cyber Essentials users have made it mandatory for their suppliers to become Cyber Essentials certified, and

<< 33% are actively considering mandating Cyber Essentials in the future.

The commercial imperative for obtaining certification was also strong, with users reporting:

<< 33% of all contracts they entered into over the past year required them to be CE certified. 

How We Can Help At Comprendo

We are an experienced IT solutions and support team with in-depth knowledge of Cyber Essentials. We can identify where your business is on the path to reaching the required criteria for Cyber Essentials or Cyber Essentials Plus. We will help you put the 5 technical controls in place.

If you choose to work with us, we will install the Cyber Essentials ISO 27001 management portal and Cybersmart software, which automatically filters data from your cyber security controls into the Cyber Essentials platform. The software ensures all infrastructure meets the required security criteria and will report on areas requiring improvement.

Whether you’re a start-up looking for guidance on cyber security, or a larger organisation wanting to engage all your employees in guarding against cyber threats, we’d be very happy to help.

>>> Call us on 0345 527 4394 for an informal chat with one of our friendly support team, or

>>> Contact us for all things IT at https://comprendo.co.uk/contact-us/ 

If you’re interested in learning more about the 5 Technical Controls monitored by Cyber Essentials, then take a look at our previous blog.

At Comprendo, we provide customer-focused IT services, solutions and support to businesses throughout North Yorkshire, West Yorkshire, Lancashire and beyond, including Keighley, Skipton, Ilkley, Bradford, Harrogate, York, Burnley and Preston. Looking to outsource your IT or review your cyber security? We look forward to hearing from you.