The UK launched Cyber Essentials in June 2014 with the goal of helping businesses protect themselves against common cyber threats and demonstrate their commitment to cybersecurity. The program focuses on firewall, secure configuration, user access control, malware protection, and patch management.
Over 132,000 Cyber Essentials certificates have been awarded since the program’s inception, but small businesses continue to be targeted by cyber attacks. In fact, 43% of cyber attacks target SMEs, and 60% of businesses are out of business within six months of an attack. It is crucial for the security industry to evaluate the success of Cyber Essentials in keeping UK businesses safe from cyber crime, particularly small businesses.
Cyber Essentials has been successful in helping organizations establish basic cybersecurity measures. It has protected against common cyber attacks that SMEs often fall victim to. While it may not defend against more sophisticated attacks, it provides the foundation for defending against everyday cyber threats.
However, awareness of Cyber Essentials has declined in recent years. Only a small percentage of businesses and charities adhere to the program directly, but a larger proportion have implemented technical controls recommended by Cyber Essentials. There is room for improvement in both awareness and uptake of the program.
The cybersecurity industry needs to do more to support SMEs, as they are often underserved in terms of security measures. Education on Cyber Essentials and SME security is essential to combat the perception that cybersecurity is too complex for small businesses. Implementing Cyber Essentials can be the difference between survival and failure for the majority of businesses in the UK.