Cyber-attacks don’t just hit big corporates. They hit everyday businesses like yours, usually because of simple, preventable mistakes. At the same time, we recognise that knowing where to start with cyber security can be challenging. It can be a minefield, especially if you don’t have in-house expertise or resource.
Thankfully, you don’t need either to get going. The UK Government-backed Cyber Essentials certificate gives companies like yours a baseline and a framework to get the basics of cyber security in place. It’ll help you plug any obvious gaps in your cyber security and should stop you from making preventable mistakes.
What exactly is Cyber Essentials?
Cyber Essentials is a UK Government-backed, industry-supported certification that protects organisations against the most common cyber-security threats. You can think of it as the foundation on which best practices are built.
When you go through the certification process, it will give you a defined set of controls and a practical technical baseline that will help you meet a foundational standard of cyber security.
The certification focuses on five key areas:
- Firewalls & internal entry points
- Secure configuration
- Access control
- Malware protection
- Patch management
You can think of it as establishing a base layer of security that your organisation should meet. Once completed, you can move on to Cyber Essentials+ which provides a more comprehensive approach and advances on the foundations set by Cyber Essentials.
Why should I care?
At a fundamental level, Cyber Essentials reduces risk. Organisations with its controls in place are 92% less likely to make a cyber security insurance claim because they’re better protected against the most common, untargeted attacks. In fact, Cyber Essentials is designed to stop attacks like phishing, ransomware and credential stuffing from happening.
Moreover, companies in the UK increasingly expect partners and stakeholders to work to the standards Cyber Essentials sets. For example, it’s required for many UK Government contracts and is increasingly used in supply chain assurance by large organisations.
The bottom line is that even if you don’t care about security, your customers and prospects do. Cyber Essentials is a mark of trust and credibility that demonstrates commitment to protecting data, and that builds trust with customers, suppliers and stakeholders.
In a practical sense, the certification simplifies cyber decision making, providing:
- A clear checklist of what good looks like
- A repeatable assessment model
- A common language for boards and suppliers
In effect, it removes the ambiguity from cyber security by making you secure and ensuring you meet a recognised security standard. It also comes with free cyber insurance (for eligible SMEs), access to incident response support and less procurement friction through reduced due diligence overhead.
Why Cyber Essentials matters most for SMEs and NFPs
Most organisations that fit this profile are under-protected. In fact, 43% of UK businesses have experienced a cyber-attack in the past year, while only 14% properly manage supplier cyber risk. The problem isn’t advanced; it’s a lack of basic IT hygiene.
This crops up most often in SMEs and not-for-profits because they tend to lack dedicated IT teams, budget for workable frameworks (like ISO, for example), and the time to interpret complex guidance. Cyber Essentials fixes this because it’s affordable, understandable and actionable.
It’s also designed to work with how attacks usually happen. Most attacks exploit unprotected systems, weak passwords and misconfigured devices. Cyber Essentials targets and fixes these problems, making it disproportionately effective relative to its simplicity.
It’s a baseline for business…and your prospects’ too
Because Cyber Essentials turns security from an abstract risk into a measurable baseline, it acts as a benchmark for your IT. This benchmark means that you either do or don’t meet the UK minimum standards for cyber security. This helps you to highlight specific control failures, and because you need to renew every 12 months, there’s a built-in review cycle to ensure standards are maintained. Moreover, because it’s a widely recognised standard, it’s a common benchmark across supply chains, meaning you can compare across peers and suppliers.
Keep in mind what this can do for you. While it isn’t a full strategy or panacea for your IT security, it does answer whether you are exposed to threats or not. It also gives you a starting point for cyber security, which is essential for operating in modern environments and for company growth. And, if nothing else, it is the first step on the road to better security, which can only ever be a good thing.
Need a cyber security 101 without the jargon? Our CTO Patrick Burgess is hosting a free webinar with our partners uSecure on May 12.
They’ll cut through the noise and tech jargon to focus on the cyber security basics that really matter for SMEs.
No sales fluff, just practical, common‑sense guidance you can actually act on.
You can find out more and sign up here: https://app.livestorm.co/nutbourne-ltd/cyber-security-non-negotiables-dont-be-that-company
