Is Cyber Essentials adequate defence for businesses in today’s threat landscape?

Is Cyber Essentials adequate defence for businesses in today’s threat landscape?

Cyberattacks can be very costly to businesses, in lost productivity, disruption to trading, time, and money. Theft of financial or other sensitive information, reputation damage, and resulting contract losses could ultimately put you out of business. For these reasons, cybersecurity must be taken seriously, now more than ever.    

What do cyberattacks cost businesses in the UK? 

According to government statistics, the average cost of all breaches or attacks identified between March 2021 and March 2022 was almost £9,000 combined, for micro/small businesses and medium/large businesses.  

What makes a business vulnerable to cyberattacks? 

Any business, large or small, can fall victim to a cyberattack. Two of the main causes are outdated antivirus and not applying changes to update, fix, or improve operating systems, also known as patching’. In fact, almost 60% of data breaches are caused by software that isn’t patched.  

What is Cyber Essentials?  

You may have heard of the government-backed certification scheme, Cyber Essentials. It offers a framework of standards to protect your business from a range of common cyberattacks, by helping to improve your business’s security posture, and reduce the number of cyber threats you are exposed to.  

There are two levels of Cyber Essentials certification. Cyber Essentials involves a self-assessment questionnaire, while Cyber Essentials Plus is more hands-on, involving a technical verification. 

How important is Cyber Essentials for your business? 

Having Cyber Essentials certification is, well, essential. Increasingly, business contracts expect Cyber Essentials as a minimum level of compliance, as it adds a layer of trust for stakeholders, especially when handling data for a third party. It is now also non-negotiable for any business working with government organisations. Furthermore, Cyber Essentials is the first step towards an ISO 270001 certification, and accreditation proves you take security seriously. 

Whilst Cyber Essentials certification ticks the box for compliance, cybersecurity is more than just a box-ticking exercise. 

Cyber threats are continuous, yet these assessments are carried out just once a year. You might fix all security issues at one point in time to achieve Cyber Essentials certification and as a result, assume you are protected. Yet days, or weeks after an assessment, new and more sophisticated threats can emerge. 

How can your business stay ahead in cybersecurity? 

Security compliance is a moving target that is constantly changing.€¯It requires various tasks to be performed at regular intervals. These include: 

  • Updating all applications when vulnerabilities occur 
  • Patching operating systems 
  • Reconfiguring networking equipment 
  • Educating staff to identify and avoid phishing attempts 
  • Reconfiguring all devices across the business to reduce threats 

Businesses are advised to begin with Cyber Essentials requirements as a base level of security. However, they should also be looking for a continuous level of protection.  

An innovative cloud-based cyber security solution, called CDE (Cyber Defence by Extech Cloud) has been developed by specialists at Extech Cloud, to help businesses keep their cybersecurity up to date. Unlike many cybersecurity products, CDE enables continuous monitoring of a business’s compliance level, and automatic remediation of any security threats posed. 

How does CDE work?  

A vulnerability management solution is installed on all devices used in the business, such as laptops, tablets and phones, to scan for threats and identify what needs fixing. This is similar to the tools used by Cyber Essentials assessors, only it’s done on a daily basis, rather than during an annual audit. This ensures that all the latest cyber threats are captured and vulnerabilities are identified as they occur. 

Additionally, there is an application updating tool which provides automatic patches. It is currently capable of updating 748 common applications, with the capacity for more to be added, as required. Extech Cloud fixes any vulnerabilities discovered and manages the application updating tool to ensure it is successfully carrying out the updates it should. 

This new cybersecurity solution provides continuous protection for your organisation to a Cyber Essentials standard and prepares you for a Cyber Essentials Plus assessment. It also helps to spread remediation work throughout the year, to reduce the impact on your organisation during the annual test. Any issues that need to be fixed on that day are reduced, as are the chances of having to pay out for a second scan. Businesses also receive reports and insights to their actual level of security for applications and vulnerabilities. 

With CDE*, Extech Cloud offers businesses in Burgess Hill, Haywards Heath, East Grinstead, Brighton and anywhere across Sussex or Surrey, reliable secure infrastructure that allows them to get on with the day-to-day without the inconvenience and cost of cyber threats. Contact the Extech Cloud team today to find out more and speak with a cloud specialist. 


*CDE is only available to Extech Cloud customers, with a minimum of Microsoft 365 Business Premium licences and an active IT support agreement. 

Back to News & Resources

Related news

    Book a free online consultation

    We love talking to businesses and understanding what they do and what they need. If you'd like to book a short, no obligation consultation, please provide us with your details. We understand that you may already have an IT company, consultant or team, so all contacts are treated as completely confidential. A fresh new IT approach could begin here...

    DD slash MM slash YYYY


    Get answers to common questions here.

    News & Resources

    Get latest updates, downloads and white papers.