Recent headlines have underscored the escalating costs of cyber insurance, serving as a stark reminder of the pressing need to fortify cyber defences against skilled and relentless adversaries. Amidst this backdrop, the Government's initiative, the 10 Steps to Cyber Security guide, has emerged as a beacon of guidance, urging organisations to assess and bolster their cybersecurity posture.

At the heart of this framework lies the Cyber Essentials scheme, a vital cybersecurity standard designed to equip organisations with the necessary tools to navigate the complex terrain of cyber threats.


You may have seen recent news about the costs of cyber insurance soaring in response to the rise in cyber-attacks. This may well have highlighted the new reality in which targeted cyber-attacks by skilled and persistent criminals are now affecting all organisations, from the public to the private sector. Premium levels are set by assessing cyber risk, including examining the following:

  • Is there a firewall in place and correctly configured?
  • Are the network and file permissions set in a secure way?
  • Do you have adequate and up-to-date antivirus and malware protection?
  • Are your software and firmware updated frequently?

To help organisations deal with the situation, the Government launched the 10 Steps to Cyber Security guide to encourage organisations to consider their cybersecurity measures and to decide if they were managing their cyber risks adequately.

This guide was codified into the Cyber Essentials scheme. This is a cybersecurity standard, which organisations can be assessed and certified against. It identifies the security controls that an organisation must have in place within their IT systems to have confidence that they are addressing and mitigating the risk from cyber threats.

There are two levels to certification: Cyber Essentials, where a self-assessment questionnaire is completed and externally reviewed, and Cyber Essentials Plus, where the external certifying body carries out tests of an organisation’s systems.

Who needs to comply with Cyber Essentials?

From 1st January 2016, the Ministry of Defence required all companies bidding for new contracts to be certified to Cyber Essentials. From April 2016 these organisations had to comply with the Cyber Security Model, a further step covering wider aspects of cybersecurity such as governance and risk management. In July 2016 a Department of Health report recommended that the Cyber Essentials scheme “should be tested in a wider number of GP practices, Trusts and social care settings.” Cyber Essentials Plus is now the minimum standard for healthcare providers and partners.

It's not just MoD contractors that would benefit from a Cyber Essentials certification. Cyber Essentials helps you and your customers stay protected, and it boosts your business's reputation.

Since this blog was written, the NCSC and its Cyber Essentials delivery partner IASME updated the technical requirements for Cyber Essentials in April 2023. You can read more details about that in our updated blog, April 2023 Cyber Essentials Update.

What is the process?

Costing around £300, the Cyber Essentials process consists of a questionnaire completed by the organisation applying to the scheme. This is then reviewed by a certifying body, and a decision about whether to award the certificate is usually reached in a few days. Annual recertification is required to keep the cyber breach insurance in place.

Cyber Essentials Plus includes an external audit of your systems. This covers user devices, all internet gateways and all servers. The assessor will test a sample of these systems, typically about ten percent, before deciding if further testing is required. The assessor will visit both the head office and a sample of other offices to carry out testing, although some tests can be done remotely. Something we pass every time!

The scheme is mostly aimed at businesses that do not have their own dedicated IT teams working around the clock to monitor threats. Its adoption by government departments as an assurance framework for their partner businesses means that companies of all sizes now need to consider whether Cyber Essentials is for them.

Netitude offers an assisted assessment to complete the questionnaire on our client's behalf. This is useful if you don’t currently have the expertise in-house to verify the technical questions of the audit.

Talk to us to learn more about Cyber Essentials and cybersecurity services.


The Cyber Essentials scheme is a bastion of defence, offering a structured approach to fortifying cyber resilience and mitigating risk. At Netitude, we are committed to empowering organisations with the knowledge and expertise needed to navigate the ever-changing cybersecurity landscape.

Whether it's guiding you through the Cyber Essentials certification process or providing comprehensive cybersecurity services, we are here to safeguard your digital assets and ensure your peace of mind in an increasingly interconnected world. Reach out to us today to embark on your journey towards enhanced cybersecurity and resilience.
