• Home Insights Government’s Cyber Essentials survey – key findings for SMEs
13 Jan 2025

Government's Cyber Essentials survey – key findings for SMEs

In October 2024, the National Cyber Security Centre’s Cyber Essentials certification celebrated its 10th anniversary. This government initiative sets the baseline for cyber security in the UK. It aims to make the UK one of the safest digital spaces for business.

The government recently published Cyber Essentials Impact Evaluation which highlights the scheme’s benefits. Notably, 85% of users reported increased cyber security awareness in their businesses. But what does this mean for SMEs in the UK?

Key findings of the report

The survey found that 88% of organisations holding Cyber Essentials certification felt better equipped to manage cyber risks. Interestingly, increased awareness can initially cause more anxiety about cyber-attacks, but this is a positive step. It’s easier to protect against threats you know about.

For SMEs, who are often prime targets for cyber criminals, developing cyber-threat awareness and risk management is essential. Cyber Essentials helps SMEs integrate good cyber security practices into daily risk management.

Leadership buy-in

Bridging the gap between IT and the wider business can be complex. The Cyber Essentials certification has strengthened senior management’s understanding of cyber security risks. In fact, 86% of respondents said that the scheme had improved engagement from senior management. Additionally, 71% agreed that cyber security is now taken more seriously.

Buy-in for cyber security programmes is a critical factor for success. It ensures that cyber security receives the necessary resources and funding. It brings in specialised knowledge of the business to make sure that cyber security measures are aligned to business goals.

Continuous improvement

The report states that 76% of certifying organisations have implemented additional cyber security measures.

Like many business processes, cyber security follows a life cycle. This process is part of a maturity journey where organisations continuously improve their cyber security standards.

For organisations looking to certify, the scheme recognises that incremental progress brings the greatest long-term benefit. Cyber Essentials acts as a springboard for your cyber security. It drives long term improvement resulting in the greatest wins for SMEs.

How to get Cyber Essentials certified

Start with a Cyber Essentials self-assessment, which can be supported by an accredited certification body. After the self-assessment, a Cyber Essentials auditor will review your organisation and give feedback on improvements and how to further align to the standard.

You will then be issued with a certificate that is valid for 12 months. The standard is updated annually to protect against new threats.

How can we help?

PKF Francis Clark is an accredited certification body of the IASME Consortium responsible for delivering the NCSC Cyber Essentials standard. We can support you throughout the certification process. For more information, contact our cyber security director, Phil Osgathorpe, for a free initial conversation.


This field is for validation purposes and should be left unchanged.
GDPR permissions

Latest news

Man in field looking at wind turbines

Why a recent court decision could increase infrastructure project tax costs

29 April 2026

Read

Key financial stability measures in law firms

29 April 2026

Read
Four members of Swanky's executive board standing together

PKF Francis Clark advises YFM Equity Partners on investment into Swanky Group

28 April 2026

Read
Three PKF Francis Clark colleagues walk through a field in Wiltshire.

How B Corp™ is helping us to change our firm for good

28 April 2026

Read

Landwise: farming and estates magazine

23 April 2026

Read

Employee share awards – let’s talk about tax valuations

23 April 2026

Read
PKF Francis Clark colleagues celebrating our B Corp certification at Bristol harbourside

PKF Francis Clark is now a Certified B Corporation™

21 April 2026

Read
Two colleagues chatting whilst walking from a meeting room.

Does your law firm need to register as a tax adviser with HMRC?

20 April 2026

Read
Three individuals in business attire are seated around a table, engaged in a discussion while looking at a laptop and holding documents with charts.

Pillar 2: What you need to know before 30 June 2026

15 April 2026

Read
business people sit around a table and one, a man stands talking, they are in a modern office and all wearing smart suits

Our response to the key elements of the latest SRA consultation

15 April 2026

Read
A coffee shop worker fills in paper work while sated at a high bar.

R&D claim notification form deadlines: When and how to submit

14 April 2026

Read

From employee to partner: What new law firm members need to know

14 April 2026

Read