What is Cyber Essentials and why does it matter?

Many organisations ignore cybersecurity and its benefits for people, culture, and finances. They think they won’t be targeted by cyber-crime. But cyber attackers know that data is valuable both internally and externally. Indeed, blocking companies from their own data can be as harmful as leaking it.

Half of businesses and a third of charities have faced cyber-attacks in the past year. This number is higher for medium (70%) and large (74%) businesses, and high-income charities (66%) (Gov.uk, 2024).

Cyber Essentials is a government-backed scheme to help organisations protect against common cyber-attacks. It demonstrates to customers, suppliers and other stakeholders that the organisation is proactive about data protection.

Who does Cyber Essentials apply to?

Cyber Essentials is recommended for all organisations. Since October 2014, many government contracts require Cyber Essentials certification before going to tender. Suppliers to the following government departments must be certified if they handle sensitive data:

  • Non-ministerial departments
  • Executive agencies
  • Non-departmental public bodies including the Ministry of Defence

Supplier requirements:

Suppliers must certify to Cyber Essentials if they handle, store or process any of the following, for a government department:

  • Personal information of citizens (e.g. home addresses, bank details)
  • Personal information of government employees (e.g. payroll, travel bookings)
  • ICT systems that store or process data at the OFFICIAL level of the Government Protective Marking scheme

What if I don’t work with government contracts?

Cyber Essentials is useful for all organisations. It shows good internal controls and helps protect against common cyber-attacks. Cyber criminals target businesses of all sizes. Cyber Essentials is achievable for all, no matter how complex or simple your IT infrastructure is.

How to get Cyber Essentials certified

Start with a Cyber Essentials self-assessment, which can be supported by an accredited certification body. After the self-assessment, a Cyber Essentials auditor will review your organisation and give feedback on improvements and on how to align further with the standard. You will then be issued with a certificate that is valid for 12 months. The standard is updated annually to protect against new threats.

How can we help?

PKF Francis Clark is an accredited certification body of the IASME Consortium. We can support you throughout the certification process. For more information, contact our cyber security Director, Phil Osgathorpe, for a free initial conversation.

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/526200/ppn_update_cyber_essentials_0914.pdf

https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2024/cyber-security-breaches-survey-2024

FEATURING: Phil Osgathorpe
Phil leads our IT assurance and cyber services teams and is a passionate leader at Francis Clark. He supports and leads the delivery of assurance and advisory…