In a recent call to action, the UK government emphasised the importance of Cyber Essentials certification, underlining its significant role in shielding businesses from cyber threats. As the Cyber Essentials scheme marks a decade, a 2023 government report evaluated its impact and effectiveness, offering valuable insights for organisations seeking to bolster their cybersecurity.
Launched in 2014, Cyber Essentials is a government-backed certification programme designed to help organisations implement essential security measures against common internet-based threats. It provides two certification options. The foundational Cyber Essentials certification involves a self-assessment of key security practices, including firewall configuration, network segmentation, user access control, malware protection, and security update management. For organisations seeking a higher level of assurance, Cyber Essentials Plus includes independent testing to verify compliance with these same control areas.
Key findings on Cyber Essentials’ impact
As of June 2023, around 35,000 UK organisations have become Cyber Essentials certified. For many businesses, this certification serves as an essential framework to defend against increasingly prevalent cyber threats. The recent evaluation underscores Cyber Essentials’ impact, with the majority (82%) of users confident in its effectiveness at mitigating common cyber risks, and 80% noting a reduction in risks across their operations.
Perhaps most tellingly, many organisations find Cyber Essentials to be their primary form of external cybersecurity validation. Over half of surveyed users (53%) indicated that Cyber Essentials provides their only formal external assurance. The programme’s controls have proven robust, with earlier research showing that 99% of internet-borne vulnerabilities could be mitigated through these security practices alone.
Beyond its technical benefits, the scheme is helping shape broader security awareness and behaviour within organisations. For instance, 85% of certified users report improved understanding of cyber risks, and 88% feel more equipped to mitigate these risks directly. Additionally, 76% of Cyber Essentials adopters have implemented further security measures, indicating that the scheme serves as a catalyst for a culture of cybersecurity.
Broadening cyber awareness in leadership and supply chains
Cyber Essentials is increasingly valued by leadership teams, with 86% of certified organisations confirming that it has strengthened their senior management’s grasp of cyber risks. This enhanced understanding at the leadership level is essential as more organisations integrate cybersecurity into core business strategies.
The certification is also gaining traction in government and commercial supply chains. In fact, the top motivation (35%) for pursuing Cyber Essentials certification is meeting government contract requirements, with over a third of users reporting that their recent contracts required certification. Further, 15% of businesses mandate Cyber Essentials certification for their suppliers, and 45% consider it a key factor in assessing supplier risk.
The growing commercial edge
Certification is not only about protection; it’s also proving to be a competitive advantage. Around 69% of Cyber Essentials-certified organisations report a boost in their market standing, with some experiencing increased commercial activity post-certification. This uptick highlights a growing recognition of Cyber Essentials as a standard of trustworthiness within the business community.
As the cyber threat landscape evolves, maintaining a strong foundational defence is critical. The National Cyber Security Centre’s Deputy Director for Cyber Growth, Chris Ensor, urged businesses to make Cyber Essentials a priority, noting: “Implementing these five controls dramatically reduces the risk of a cyber incident. For organisations without in-house expertise, certified advisors are available to help you get started.”
Your next step towards cyber resilience
For businesses that want to build on Cyber Essentials’ framework, we’ve compiled a 7-step checklist designed to help you get certified and integrate these essential controls into your operations effectively.