Most cyber attacks are indiscriminate, which makes everyone a target.
There are nearly 5.5 million micro and small organisations (less than 50 employees) and these make up the vast majority of businesses in the UK (over 99%). Although many do not see their business or their data as a target for cyber attack, they are still at risk of being attacked. The crucial factor for risk is not necessarily the value of your assets, rather it is the IT equivalent of a forgotten window left open which gives cyber criminals the access point.
Most cyber attacks are automated and untargeted; opportunistic criminals, often with minimal skills use freely available tools to randomly attack many thousands of businesses or individuals in one go. These are known as commodity cyber attacks. Without the basic security controls in place, companies both large and small are vulnerable to untargeted cyber attacks.
Commodity cyber attacks exploit basic weaknesses that can be found in many organisations. For example, attackers may take advantage of poorly configured accounts, software that hasn’t been updated, and old computer systems that are no longer supported by their suppliers.
Besides the obvious financial loss for an organisation and its customers, the impact of a breach can also cause huge stress and damage to client relationships, increased insurance premiums and many indirect financial costs.
What can Cyber Essentials do for your business?
The Cyber Essentials scheme was introduced by the UK Government in 2014, as a way to help organisations of all sizes effectively tackle their cyber security. The annually renewable cyber security certificate demonstrates achieving the minimum standard of cyber security that the UK’s National Cyber Security Centre (NCSC) would recommend every organisation to achieve. The scheme is centred around five technical controls that will protect against the majority of common cyber attacks.
Many attacks often start through the recipient of an email clicking on a malicious link or attachment. Implementing the Cyber Essentials could reduce potentially large-scale damage from one of these phishing emails. Certification is an excellent way to demonstrate that you take cyber security seriously, reassuring your customers and partners that you can be trusted with their data.
Cyber Essentials works as a self-assessment questionnaire, which is signed at board level. This is then verified by an external Assessor who determines whether the applicant organisation pass or fail. Cyber Essentials Plus is based on exactly the same controls but offers a higher level of assurance as it includes an audit to check that the controls have been implemented effectively.
Cyber Essentials has been proven to make certified organisations more secure.
We know that the Cyber Essentials scheme works and is actively making certified organisations more secure. According to insurance data, organisations that have a current Cyber Essentials certification are 92% less likely to make a cyber insurance claim that one without. Additionally, where organisations are using Cyber Essentials as third party risk management tool, we know that they are experiencing less cyber incidents. For example, financial services company, St. James’s Place required their whole partnership to become Cyber Essentials Plus certified and saw an 80% reduction in cyber incidents across the partnership.
Included Cyber Liability insurance:
If your organisation is UK-domiciled, has an annual turnover of less than £20m and the Cyber Essentials certification covers the entire organisation, you can opt into the included cyber liability insurance.
Where to get help and support?
Cyber Essentials Readiness Tool
The Cyber Essentials Readiness tool is a free resource on the IASME website. As you work through the interactive questions, you will understand whether the cyber security in your organisation meets the requirements for Cyber Essentials.
Cyber Essentials Knowledge Hub
The Cyber Essentials Knowledge Hub is a free online resource. It includes technical guidance and up-to-date information to answer your questions and help guide you through the Cyber Essentials certification process.
Cyber Advisors
Cyber Advisors are cyber security consultants that have been assured by the National Cyber Security Centre to give reliable and cost-effective cyber security advice and practical support. Cyber Advisors can support your organisation to put in place basic cyber security measures, and also help you to achieve Cyber Essentials certification. Importantly, Cyber Advisors have been assessed against whether they can understand and communicate with small organisations to give proportionate and sensible cyber security support.
Find an NCSC assured Cyber Advisor near you.