What is Cyber Essentials and Why Should I Care

Posted on Tuesday 12th February 2019

It is no secret that Cyber Security is one of the top concerns of the Western World right now. Major attacks have hit the US Federal Government and, closer to home, the likes of Talk Talk and HSBC have suffered significant reputational damage and financial loss.

National security experts rank major cyber-attacks as likely and as potentially devastating as a terrorist attack. This isn’t at all surprising when you consider that, as individuals we are subjected to dozens of cyber-attacks every day in the form of phishing scams. Unless of course you do have a wealthy, long lost uncle in a far flung corner of the world, then good for you.

Businesses, however, are the subject of growing numbers of increasingly varied attacks. In addition to the phishing attacks we’re used to seeing in the junk folders of our Gmail and outlook.com accounts; they also have to contend with password attacks, denial of service attacks and a raft of others including the widely publicised ransomware attacks.

Whilst ransomware is not new, it has been reinvented and is causing misery to individuals and businesses all over the world. However, not content with holding your data hostage, the malicious minds behind the software have made improvements so the software will now delete chunks of your data every 10 minutes until the ransom is paid. This change has turned a rational decision made over time, in consultation with directors and heads of function, into one of emotion: a decision driven by fear. So once again the world is on the back foot.

The number of organisations reporting attacks is increasing and in some cases those attacks are costing millions, but the battle of global cyber security is far from a lost cause.

In response to the growing cyber-threat, central government has rolled out Cyber Essentials and represents a key deliverable of the UK’s National Cyber Security Programme. So it’s quite a big deal. Its objective is to provide organisations within the UK a cyber security standard.

Cyber Essentials delivers the basic controls that all organisations should implement to mitigate the risk from common Internet-based threats. It allows them to demonstrate to customers, investors, insurers and others that they have taken the essential precautions to secure against the majority of cyber-attacks.

However, Cyber Essentials isn’t a magic wand or an impenetrable virtual wall around your company network. If a hacker wants to breach your system they will keep trying until they succeed, get caught, or it becomes too time consuming and costly to continue. Cyber Essentials is about making that effort unsustainable for the hacker.

The scheme is backed by some of the biggest organisations in the world including defence giants, BAE Systems and Lockheed Martin. It will also be taken into account by insurers as they recognise it as a mature and sensible approach to cyber security and evidence strongly supports the reduction of risk.

Cyber Essentials will also allow you to apply for government contracts. Or, more to the point, you won’t be allowed to apply for Government contracts – and most likely third part contracts – without it. You can also expect this clause to become increasingly common in finance and other data heavy sectors.

Make no mistake; cyber security is a business-critical priority and Cyber Essentials is the first step to that end with over 1,200 organisations already adopting the scheme.

Doctor Christopher Richardson, head of the Bournemouth University Cyber Security Unit commented: We’re playing a key part in bringing cyber security professionals and businesses across the UK together. We’re proud to be part of Bournemouth Cyber Security Cluster, a network of businesses committed to improving cyber security in the local area.


It is also important to understand the current situation whilst thinking of the long-term goals and scenarios. New and more structured policies are being implemented across Europe to help with the assurance and security of Data and the Digital footprint within the European Union, with strong penalties for those not meeting the criteria.

Alan Essam, Lead Information Assurance Consultant commented:


“Whilst many large organisation have taken steps to reduce their Cyber risk and exposure by implementing internationally recognised standards e.g. ISO27001 many smaller companies have consider this too complex to justify. Research shows that a significant proportion of the phishing and ransomware attacks, carried out by criminal organisation for financial gain, are based on well-known exploits that can be mitigated by basic controls, education and awareness. Cyber Essentials sets out to ensure that all organisations have taken basics steps to reduce these risks, educate staff and develop recovery procedures.

In addition to the risks of Cyber-attacks, organisations will also have to comply with new data protection laws, due to become law over the next two years. Any organisation that creates, stores, records and/or processes personal information needs to understand the new requirements and liabilities under the EU General Data Protection Regulation. This will replace current UK legislation and places greater emphasis on the security, management, sharing, reporting and destruction of any personal information.

Cloud services is another area causing some concerns, especially regarding data sovereignty and the rights and responsibilities of data owners and processors.