Around 64% of Cyber Essentials users believe that certification helps them spot common, simple cyber attacks more effectively. Cyber Essentials is a government initiative designed to guide organizations on security measures that stop basic IT vulnerabilities from being exploited. This includes straightforward steps like setting up firewalls and using malware protection.
A recent survey by Pye Tait Consulting for the Department of Science, Innovation and Technology (DSIT) revealed that Cyber Essentials users rate their concern about falling victim to cyber attacks at 5.8 out of 10, compared to just 3.7 for organizations without certification. This shows that those who are certified are more aware of risks, leading to greater unease over potential threats.
The poll, which included 606 respondents, found that Cyber Essentials users also recognize the potential reputational, financial, and legal damage from a cyber attack more acutely than their non-certified peers. This heightened concern likely stems from being better informed, leading users to appreciate the serious impact a cyber incident could have.
As we celebrate the 10th anniversary of Cyber Essentials, Feryal Clark, the minister for artificial intelligence and digital government, highlighted its crucial role in safeguarding UK businesses. She encourages more organizations and their suppliers to adopt the program, especially with the growing number of online threats.
Chris Ensor, deputy director for cyber growth at the NCSC, pointed out that even as the cyber threat landscape evolves, attackers still target the same vulnerabilities identified in 2014 when Cyber Essentials began. He advocates for making Cyber Essentials a core part of every organization’s cyber defenses.
Adam Pilton, a former Dorset Police cyber crime detective and now a consultant at CyberSmart, believes Cyber Essentials has made a real difference in helping organizations establish fundamental cyber security practices. However, he noted that smaller businesses often lack awareness of best security practices.
Pilton remarked that SMEs are frequently overlooked when it comes to cyber security, and their concerns don’t attract the same level of attention as those from larger enterprises. This gap in education around Cyber Essentials for smaller companies means many still view security as something overly complicated.