A Few Minutes with Jordan Gall, our Managing Director and Head of Cybersecurity, on the Cyber Essentials Scheme
The UK’s Cyber Essentials certification, now celebrating its 10th anniversary, has set a continually evolving benchmark for security standards across all industries.
Our Cyber Security expert, Jordan Gall, recently discussed the latest advancements and expanded benefits of the UK government’s Cyber Essentials scheme, highlighting how it will adapt to threats in 2025.
Q: What is Cyber Essentials, why is it important, and what proportion of businesses have it in the UK?
A: Cyber Essentials is the UK’s government-backed cyber security certification, run by the National Cyber Security Centre, helping organisations stay safe by ensuring 5 technical controls are in place. These controls (secure configuration, user access, malware, patch management, and firewall) are often overlooked by most businesses that do not have appropriate internal or external technology support teams. With Cyber Essentials, businesses can be assured that they have taken the bare minimum steps to secure themselves and, perhaps more importantly, their clients’ data.
The last time we reported on Cyber Essentials, roughly 30,000 businesses had Cyber Essentials. Data now shows that 31,294 unique organisations were Cyber Essentials certified in the last 12 months, showing a marked improvement in both awareness of the certification and the importance of businesses protecting themselves. Unfortunately, this only represents a tiny portion of the estimated 5.5 million private sector businesses in the UK. 0.2% of micro businesses (fewer than 10 staff) and 3.8% of small businesses (10-49) are currently certified.
Cyber Essentials helps to mitigate hacking, phishing, and password guessing by malicious attackers by stress-testing the current condition of a company’s networks and technology procedures and processes, and recommending industry-approved cyber policies.
Q: What’s the process for getting Cyber Essentials?
A: Cyber Essentials is a checklist for obtaining a government-backed certificate. Each submission will document the application security settings, firewalls, user access control lists, malware protection, and patch management in place for each business.
Buchanan Technology supports businesses through every aspect of the Cyber Essentials application, including preparing required documentation on related technology processes. Any shortfalls in the current security settings will be addressed as a separate project prior to the submission. This activity is then repeated every 12 months to maintain the certification.
Q: What are the main benefits to firms that have the Cyber Essentials accreditation?
A: The three main benefits of obtaining a Cyber Essentials Certification are as follows.
You will be protected against the most common types of cyber threats, many of which can be extremely costly for a business and can irreparably damage its reputation.
You will be able to openly demonstrate your commitment to protecting your data to your existing and prospective clients. You will be able to include your certification status on marketing materials and proposals, improving your messaging during the client acquisition and engagement process.
You will be eligible for discounted, and in most cases, free, cyber insurance provided by AIA.
Q: What are the benefits to the clients of firms that have the accreditation?
A: Clients of firms with the Cyber Essentials certification are reassured that their providers are officially certified by one of the world’s leading cyber authorities. They can sleep well at night knowing their confidential data is more secure, as the certification itself assists their provider with meeting strict GDPR requirements.
Q: What are the costs of working with Buchanan Technology to get Cyber Essentials?
A: Buchanan Technology is extremely cost-competitive in the SMB/SME market for earning the Cyber Essentials Certification. We charge £50 or £100 per month on top of our core Secure365 service (depending on the business size) to support the application process (standard market rates are around £1,200-1,500 per annum). However, it’s worth noting that additional work may be required, i.e. updating security settings highlighted by the initial review process, which is charged on a project basis. This is industry standard, and doesn’t tend to be too extensive in our experience.
On top of the support, there is an annual fee that is paid to the governing body, which is approximately £400-£500 per year and is dependent on the size of the business.
With a little bit of help, it’s a straightforward and quick process. Once in place, it’s then only about maintaining it. This is why we aligned our Cyber Essentials support with our flagship service, Secure365 – more details on which can be found here.
If you’d like to learn more about Cyber Essentials, get in touch via our contact page.