Accreditation support

As cybercrime rockets, and looks set to continue its unprecedented upward trajectory, an increasing number of insurance companies are asking clients to be Cyber Essentials certified as a mandatory requirement. Larger companies are also increasingly demanding that their smaller suppliers demonstrate a commitment to cybersecurity by completing the Cyber Essentials certification, in a bid to protect their supply chain. As cybercrime and the importance of keeping data secure increase, so too will the demand to become accredited.

Obtaining Cyber Essentials will help protect your business against the vast majority of cyber-attacks faced today, and will keep you ahead of the game for when you are asked to be certified.

What is Cyber Essentials?

Launched in 2014, Cyber Essentials is a government-backed scheme that provides a framework of standards to protect your business against a range of the most common cyber-attacks. It covers technical controls to protect your business users' and clients' data, staff awareness training, and your own business's internal policies and procedures.

There are two levels of certification:

Cyber Essentials – is a self-assessment questionnaire designed to interpret your current business policy and IT practices to determine if these methods will reduce cyber-attacks and make recommendations to remediate the most common threats.

Cyber Essentials Plus – is a lot more thorough and requires physical scans of your networks and devices to create a detailed analysis of the attack surface. The results of the scans are then used to identify the areas of exposure which need to be addressed and remediated to be compliant with the standard.

Why do I want to become Cyber Essentials compliant?

The basis of Cyber Essentials is a framework for improving your security posture and helping to reduce the number of cyber threats. Cyber-attacks cost businesses time, money and productivity. Theft of financial information, disruption to trading and contract losses can even put your company out of business and should therefore be taken very seriously.

  • Increasingly, business contracts expect a minimum level of compliance because it adds a layer of trust for the stakeholders, especially if you are handling data for a third party, as data breaches are not good for business.
  • If you’re working within government organisations it is non-negotiable.
  • The accreditation proves you take security seriously.
  • If a UK-domiciled organisation with a turnover below £20m achieves certification to either the basic level of Cyber Essentials or the IASME Standard, it is entitled to Cyber Liability Insurance. The £25,000 limit of indemnity might be sufficient for a small breach or incident, although it may be inadequate for a serious problem or more than one incident. Higher limits of indemnity are available. Source: https://iasme.co.uk/cyber-essentials/cyber-liability-insurance. Cyber insurance can help cover businesses against financial losses that result from cyber events and can also assist with remediation and legal assistance.
  • The average cost of cyber attacks in the last 12 months is £4960. Source: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023

What are the shortfalls?

  • Maintaining security is not just an annual event; it’s a constant battle. Although the assessments help reduce cyber-attacks, the expectation is that you continue to improve the level of protection throughout the year to maintain your security posture. However, more often than not this doesn’t happen, mainly due to cost and time factors.
  • 57%* of data breaches are caused by software that isn’t patched. Most third-party application patching is overlooked, as it’s onerous and requires extensive manual oversight and management. Small to medium size businesses don’t always have the time or the personnel with the knowledge to complete the assessments.

Security compliance is a constantly evolving and moving target, which requires numerous tasks to be performed on a regular basis:

  • Updating all third-party applications where vulnerabilities have been identified
  • Patching operating systems
  • Updating configurations on networking devices and equipment
  • Reconfiguration of various other devices
  • Training and educating staff against phishing attacks

Need help?

Since the inception of Cyber Essentials, Extech Cloud have been helping customers achieve a successful outcome with their Cyber assessments. Our team of qualified experts can also assist with completing insurance and professional body applications.

If you’re unsure about what’s involved or where to begin, Extech Cloud can help. Our expertise and dedication to cybersecurity make us well-equipped to guide you through the certification process.

Andy Hewitt
Chief Technology Officer
