The growing cyber threat
The 2018 Cyber Security Breaches Survey reported that only one third of UK businesses have a formal policy on cyber security despite 43% of firms having identified at least one breach in the last year.
Organisations that hold electronic personal data are more likely to have been targeted that those that do not. However, for any organisation he consequences of a breach include financial costs, damage to systems and lost data, as well as reputational damage.
What is Cyber Essentials?
To address this problem the Government has introduced the Cyber Essentials scheme, which helps organisations achieve a good baseline of cyber security. It addresses five key controls that, when implemented correctly, can prevent around 80% of cyber-attacks:
Why do you need Cyber Essentials?
As the Government’s Cyberaware website www.cyberaware.gov.uk/cyberessentials/ points out, achieving the Cyber Essentials standard will enable organisations to:
- Ensure that they are protected against common cyber threats
- Show their customers that they take cyber security seriously
- Bid for Government contracts. Cyber Essentials is now mandatory for suppliers of UK government contracts which involve handling personal information.
Cyber Essentials also helps organisations to identify and implement the security measures needed to protect personal information and avoid breaching data protection regulations.
Achieving Cyber Essentials
There are two levels of Cyber Essentials certification:
Cyber Essentials certification offers a basic level of assurance and can be achieved at low cost. The organisation completes a self-assessment questionnaire, which is approved by a senior executive such as the CEO and is then verified by an independent Certification Body to assess whether an appropriate standard has been achieved and certification can be awarded.
Cyber Essentials Plus covers the same requirements but provides a higher level of assurance as the organisation’s cyber security standards are tested by an external certifying body, leading to a certificate for successful completion.
Fordway can help organisations prepare for certification and work towards GDPR compliance having successfully achieved both Cyber Essentials and Cyber Essentials Plus certification as well as ISO 27001.
(All statistics quoted are sourced from the Cyber Security Breaches Survey 2018)