Celebrating 10 Years of Cyber Essentials

The government developed the Cyber Essentials scheme to help protect organisations of any size against the most common cyber attacks on the internet. Research published as part of the 10 year anniversary of Cyber Essentials assessed the effectiveness of the scheme and identify how it might be improved. The research highlights Cyber Essentials' impact, including:

• Enhanced protection for businesses of all sizes,

• Greater awareness of cyber risks across industries,

• Stimulating best practices and good cyber hygiene,

• Strengthening supply chains with secure supplier selection

  
  

Summary of Key findings

• Cyber Essentials is providing cyber security protection to organisations of all sizes, including larger organisations that use other schemes, standards and accreditations.   

• Cyber Essentials helps to improve organisations’ awareness and understanding of the cyber security risk environment – thus enabling them to become more informed – and helps to boost scheme users’ confidence at mitigating the risks of a possible cyber attack.

• Cyber Essentials has stimulated wider actions, good practice and behaviours among organisations that use it, potentially born out of a heightened appreciation of the cyber security risk environment.

• Cyber Essentials is being actively used as part of supply chain assurance to inform the supplier selection process, instil confidence and demonstrate basic cyber hygiene to the market.

• Cyber Essentials is streamlining due diligence for some organisations and supply chains, but this is not always the case.

• Cyber Essentials is contributing to wider value, through growth in the cyber security sector, peace of mind through the bundled cyber liability insurance, and stronger market competitiveness.  

Recommendations

The evaluation’s recommendations are summarised below.

• Continue to promote Cyber Essentials as an affordable and responsive cyber security solution aimed at organisations that may otherwise lack basic protection.  

• Continue to invest in the scheme’s supportive approach to helping organisations gain and sustain certification, by growing the supportive network of Certification Bodies and assessors.  

• Stimulate wider and more effective use of Cyber Essentials as a supply chain assurance tool.  

• Help clients to identify how they could improve the efficiency of cyber security due diligence processes where their suppliers are Cyber Essentials certified.  

• Encourage more organisations to prioritise cyber security by conveying more tailored information about the benefits of being Cyber Essentials certified to different sizes and types of organisation.  

• Consider providing more basic information to organisations that have never been certified to help them better understand the Cyber Essentials scheme and why it would be a good investment.  

• Continue to work with insurance providers to convey the latest evidence on the effectiveness of the Cyber Essentials technical controls and how the scheme contributes to organisational cyber resilience.  

• Consider rolling out more targeted and high-profile marketing and communications stressing the potential hard-hitting consequences of a cyber attack.  

For more information see the full report.