Government's Cyber Essentials survey – key findings for SMEs

In October 2024, the National Cyber Security Centre’s Cyber Essentials certification celebrated its 10th anniversary. This government initiative sets the baseline for cyber security in the UK. It aims to make the UK one of the safest digital spaces for business.

The government recently published Cyber Essentials Impact Evaluation which highlights the scheme’s benefits. Notably, 85% of users reported increased cyber security awareness in their businesses. But what does this mean for SMEs in the UK?

Key findings of the report

The survey found that 88% of organisations holding Cyber Essentials certification felt better equipped to manage cyber risks. Interestingly, increased awareness can initially cause more anxiety about cyber-attacks, but this is a positive step. It’s easier to protect against threats you know about.

For SMEs, who are often prime targets for cyber criminals, developing cyber-threat awareness and risk management is essential. Cyber Essentials helps SMEs integrate good cyber security practices into daily risk management.

Leadership buy-in

Bridging the gap between IT and the wider business can be complex. The Cyber Essentials certification has strengthened senior management’s understanding of cyber security risks. In fact, 86% of respondents said that the scheme had improved engagement from senior management. Additionally, 71% agreed that cyber security is now taken more seriously.

Buy-in for cyber security programmes is a critical factor for success. It ensures that cyber security receives the necessary resources and funding. It brings in specialised knowledge of the business to make sure that cyber security measures are aligned to business goals.

Continuous improvement

The report states that 76% of certifying organisations have implemented additional cyber security measures.

Like many business processes, cyber security follows a life cycle. This process is part of a maturity journey where organisations continuously improve their cyber security standards.

For organisations looking to certify, the scheme recognises that incremental progress brings the greatest long-term benefit. Cyber Essentials acts as a springboard for your cyber security. It drives long term improvement resulting in the greatest wins for SMEs.

How to get Cyber Essentials certified

Start with a Cyber Essentials self-assessment, which can be supported by an accredited certification body. After the self-assessment, a Cyber Essentials auditor will review your organisation and give feedback on improvements and how to further align to the standard.

You will then be issued with a certificate that is valid for 12 months. The standard is updated annually to protect against new threats.

How can we help?

PKF Francis Clark is an accredited certification body of the IASME Consortium responsible for delivering the NCSC Cyber Essentials standard. We can support you throughout the certification process. For more information, contact our cyber security director, Phil Osgathorpe, for a free initial conversation.