• Home Insights What is Cyber Essentials and why does it matter?
23 Nov 2022

What is Cyber Essentials and why does it matter?

Organisations should start taking active steps towards cybersecurity. Many SMEs believe they will not be the target of cyber-crime as they have nothing worth stealing. However, cyber attackers are cunning and recognise that data has value internally as well as externally. Locking companies out of their own data and preventing them from operating can be just as damaging as leaking that data. A recent cyber white paper from Trowers & Hamlins noted around 60% of SMEs who were victims of cyber-attacks did not recover and closed within six months.

Over the past 12 months, 39% of organisations across the UK have reported having suffered a cyber security breach or attack. This number is also believed to be understated due to organisations not having the ability to successfully identify an attack when it happens.

Cyber Essentials (CE) is a government backed scheme developed to provide an organisation with the core fundamentals required to defend against approximately 80% of common cyber-attacks. It demonstrates commitment to an organisation’s customer base, showing how you are proactively protecting your data.

  1. Who does this apply to?

Whilst CE is encouraged for all organisations, some government contracts advertised after 1 October 2014 require you to be CE accredited before going to tender. To become a supplier of a government department (those noted below), you are required to certify to CE if you intend on handling sensitive data (as defined in point 2 below).

  • Non-Ministerial Departments
  • Executive Agencies
  • Non-Departmental Public Bodies including MoD.
  1. Supplier characteristics:

Where suppliers intend to handle, store, or process any one of the following characteristics for a government department, they must certify to CE.

  • Where personal information of citizens, such as home addresses, bank details, or payment information is handled by a supplier.
  • Where personal information of Government employees, Ministers and Special Advisors such as payroll, travel booking or expenses information is handled by a supplier.
  • Where ICT systems and services are supplied which are designed to store, or process, data at the OFFICIAL level of the Government Protective Marking scheme.
  1. What if I am not involved in government contracts?

Cyber Essentials is relevant to all organisations. The certification not only evidences strong internal controls over your cyber security position but also, as mentioned previously, ensures the appropriate measures are in place to mitigate approximately 80% of common cyber-attacks.

Cyber criminals target businesses of all sizes, whether you are a small organisation with only three employees, or a larger organisation with thousands, you can be targeted. Cyber Essentials takes this into consideration and makes it achievable for all, regardless of the complexity or simplicity of your IT infrastructure.

After completing the Cyber Essentials certification, not only will you have assurance that you are following the recommended best practices, but you will also have a greater understanding of your devices, and any gaps that we may identify.

  1. How do I certify to Cyber Essentials?

You will need to start by completing a CE self-assessment which can be performed with the support of an accredited certification body. Once a self-assessment has been completed, then a CE auditor will be able to assess your organisation and provide feedback for improvement and further alignment to the standard. Soon after, your certificate will be issued and will be valid for 12 months. The CE standard is annually updated and so supports organisations’ defences against new and upcoming threats.

  1. How can we help?

PKF Francis Clark is an accredited certification body of the IASME Consortium and can support you from the beginning of your journey to the end. If you would like to know more about the certification or our cyber security services, please do not hesitate to reach out for a free of charge initial conversation with our cyber security Director, Phil Osgathorpe.

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/526200/ppn_update_cyber_essentials_0914.pdf

https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 – section 5.1

Get in touch

Related insights

A casual business meeting between three people

The value of private equity

24 October 2025

Read
Two people stare at a computer screen with a message to say their cyber security has been breached.

Are rising cyber threats to businesses on your radar?

24 October 2025

Read

Claiming capital allowances on commercial property for buyers and sellers

23 October 2025

Read

Finance Bill 2025–26: Our response to the proposed inheritance tax changes

21 October 2025

Read
Three people in business attire are seated at a desk in an office, reviewing a document together. The person on the left is pointing at the document while the other two look on attentively.

How a members voluntary liquidation fits into succession and exit planning

14 October 2025

Read
Employees at the Christmas party raising a toast

Staff Christmas gifts and parties – a tax guide

10 October 2025

Read
Rob Gear, corporate finance partner at PKF Francis Clark

Rob Gear promoted to partner in our corporate finance team

1 October 2025

Read

A summary guide to agricultural property relief (APR)

29 September 2025

Read
path leading to farm

Landwise: farming and estates magazine

24 September 2025

Read
A man is looking at his accounts on a computer screen.

Making Tax Digital for Income Tax: All you need to know

24 September 2025

Read
A group of six people in a modern office setting having a meeting around a glass conference table. One person is standing and speaking, while the others are seated and listening attentively.

When and how to prepare for a business exit

23 September 2025

Read
A family business owner with his two adult sons. The man has his arms around his two adult sons who are holding a pint of cider each. They are all smiling and chatting. The setting is in a brewery.

Succession planning tips for family businesses

17 September 2025

Read