Published by:

The Impact of Cyber Essentials: A 10-Year Review

 

The Cyber Essentials scheme has celebrated its 10th anniversary this year, so we thought it would be a fantastic opportunity to see just how the accreditation has changed over the last decade. Branding, processes, pricing structure and delivery partners are just a few of the ways the certification has developed, proving how adaptable to the ever-evolving threat landscape the scheme is.

Whilst there have been many developments, one factor that has never waivered is the core mission for the Cyber Essentials Scheme as explained by the NCSC years ago “The Cyber Essentials scheme provides businesses small and large with clarity on good basic cyber security practice. By focusing on basic cyber hygiene, your company will be better protected from the most common cyber threats.”

Chris Ensor (now the Deputy Director Cyber Skills and Growth) shared back in 2017 exactly how Cyber Essentials came about, stating:

“After we had published the ’10 Steps to Cyber Security’ in 2012 we started being asked for more specific advice on how to select appropriate security controls. People would say, “The 10 Steps are great but they’re a bit high level and we really need some more detailed guidance.” From that Cyber Essentials was born.”

In this blog post, he answered a lot of interesting questions that we have been asked on numerous occasions over the years. He also shared how investigations into corporate comprises at the time shaped the scheme, helping them select the most “effective controls” which were practical to implement, easy to test and can be applied to all organisations with no bias to size or sector.

“That’s not to say an organisation wouldn’t benefit from implementing other controls, but we wanted to keep things simple and focus on those that would directly and measurably mitigate the risk.”

Thus, giving all organisations a straightforward framework to follow and confidence in their cyber security defences.

 

Process

Not too long ago, the process of finding a certification body was not as simple as it is today. Previously, there were 4 accreditation bodies, including IASME, who oversaw a sub-set of certification bodies. Now, IASME is the sole accreditation body for the National Cyber Security Centre. Benefits to this are:

  • A simplified and streamlined certification process delivering consistency
  • Organisations can easily find information and the right certification body
  • The quality of the standard can be managed better across the board

A more recent development, is the Cyber Advisor and Assured Service Provider accreditations. This new scheme works alongside Certification Bodies. Whilst Cyber Advisors are recognised as having the skillset to help businesses work through the whole process and implement the controls, Certification Bodies focus on marking and auditing. 

Data Connect have proudly always seen the importance of technical control implementation and have provided services helping customers do just that, for many years. We’re delighted that the NCSC have recognised the importance of security experts who can complete this task.

 

Technical Controls

There’s always been the core technical controls, however today some of the questions in the question set do not fit as neatly into these areas. Due to the threat landscape evolving, the question set has expanded and is now divided into 10 categories, 7 of which are technical.

 

To another ten years of Cyber Essentials

Cyber Essentials has come a long way and is continuing to achieve its core mission. The true strength of the certification scheme is how it continues to develop, staying ahead in a landscape that is always changing. In fact, in the 2023/2024 annual review for the scheme, it was reported that organisations with Cyber Essentials are a staggering 92% less likely to make a claim on cyber insurance compared to organisations without the certification.

The importance of the Cyber Essentials scheme is made very clear with it being a vital part of the UK’s cyber resilience. In a speech earlier this year at the CyberUK 2024, the Technology Minster, Saqib Bhatti’s, gave a speech stating:

“Let me be unequivocally clear: Cyber Essentials works. And we need to get many more businesses and organisations to adopt Cyber Essentials, and prevent those basic attacks which are so prevalent. This will have a huge impact on the UK’s overall level of cyber resilience.”

As a Certification Body, Cyber Advisor and Assured Service Provider, we see the benefits organisations reap from being Cyber Essentials compliant every day.  We will continue to ring the “Cyber Essentials” bell and look forward to helping many more organisations reduce their cyber risk.

 

 

vSOC CERT: Driving Security and Cyber Essentials Compliance

Streamline your certification process each year, with the vSOC CERT service.

With the Cyber Essentials Review Toolkit (vSOC CERT), benefit from:

  • Simplified certification, full visibility and access to the necessary tools with our vSOC Connect Console
  • Utilise your assessment workshop and certification roadmap that highlights your risks and improvements
  • Assistance throughout the certification process and beyond by an experienced and dedicated cyber security team
  • Certified by the National Cyber Security Centre as an Assured Service Provider and Cyber Advisor
  • Stay compliant with vulnerability scanning and management throughout the year
  • Keep up to date on current trends, End-of-Life (EOL) assets and certification updates with the vSOC CERT Newsletter

 

Share this post

Related Posts

Quantifying Risk: A Look into Vulnerability Scoring Incl. CVSS & Qualys

Quantifying Risk: A Look into Vulnerability Scoring Incl. CVSS & Qualys Decoding CVSS: An Introduction to Vulnerability Scoring The Common Vulnerability Scoring System (CVSS) is...

Charity Cyber Essentials Awareness Month

Charity Cyber Essentials Awareness Month     Proud Certification Body and Cyber Advisor At Data Connect, we are proud to be a Certification Body, Assured...

Willow: New Cyber Essentials Question Set Published by IASME and NCSC

Willow: New Cyber Essentials Question Set Published by IASME and the NCSC   Willow, the new Cyber Essentials question set, was published on Monday (23rd...

Get in touch

SPEAK WITH AN EXPERT

01423 425 498

Related Posts

Quantifying Risk: A Look into Vulnerability Scoring Incl. CVSS & Qualys

Quantifying Risk: A Look into Vulnerability Scoring Incl. CVSS & Qualys Decoding CVSS: An Introduction to Vulnerability Scoring The Common Vulnerability Scoring System (CVSS) is...

Charity Cyber Essentials Awareness Month

Charity Cyber Essentials Awareness Month     Proud Certification Body and Cyber Advisor At Data Connect, we are proud to be a Certification Body, Assured...

Willow: New Cyber Essentials Question Set Published by IASME and NCSC

Willow: New Cyber Essentials Question Set Published by IASME and the NCSC   Willow, the new Cyber Essentials question set, was published on Monday (23rd...