The Most Frequently Asked Questions about Cyber Essentials
According to the National Cyber Security Centre, there has been a 15% rise in the number of Cyber Essentials certificates awarded to businesses in the last 12 months. If your business has been thinking about Cyber Essentials, we’ve compiled answers to some of the most common questions you might have about the Cyber Essentials certification.
What is Cyber Essentials?
Cyber Essentials is a simple and effective Government backed scheme supported by industry experts and the Cyber Resilience Centre.
The scheme helps you put measures in place to protect your organisation, regardless of size or sector, against a range of the most common cyber-attacks. This includes protecting against threats such as malware, ransomware and phishing.
Why should your business get a Cyber Essentials certificate?
Cyber Essentials helps you demonstrate a commitment to cyber security to your customers and clients with a certificate and badge to display on your premises and website.
Having the certificate makes your organisation more resilient against the most common cyber-attack forms. It gives your business peace of mind knowing that your data is protected and your security systems are robust, should a cyber-attack occur. Allowing you to reach further business opportunities, as Cyber Essentials will enable you to tender for specific contracts in government.
How and where can I become Cyber Essentials certified?
At the Cyber Resilience Centre, we work with a small group of Cyber Essentials Partners who are official providers of Cyber Essentials and Cyber Essentials Plus Certification. Any members or businesses in the North West should contact us, and we can refer you to the Cyber Essentials Partner in your region who can help you get certified.
Does the Cyber Essentials certification have an expiry date?
Once you have achieved your Cyber Essentials certification, your certificate is valid for 12 months. The UK government recommends that businesses renew their certification annually.
How much does the Cyber Essentials certification cost?
The cost of Cyber Essentials (verified self-assessment) follows a tiered pricing structure which adopts the internationally recognised definition for micro, small, medium and large enterprises.
Micro organisations (0-9 employees) £300 + VAT
Small organisations (10-49 employees) £400 + VAT
Medium organisations (50-249 employees) £450 + VAT
Large organisations (250+ employees) £500 + VAT
Do businesses in the recruitment sector need Cyber Essentials?
For recruiters, your business processes large quantities of valuable data, making you a big target for cybercriminals. Cyber Essentials can help protect your business from most cyber threats.
With 82% of UK recruitment firms adopting some form of hybrid working, you need to ensure any staff working from home are secure. Cyber Essentials can guide your business to make the switch safely.
Your recruitment business is built on trust – your clients and candidates need to know their personal data is safe in your hands. Cyber Essentials certification provides government-backed proof your business is taking cyber seriously and keeping your data safe – crucial when looking to retain current customers and win new clients.
Watch out for Cybercriminals who are creating fake job postings. These fake adverts aim to trick employers and employees into revealing personal/financial details or handing over money for phoney services.
Why would a law firm need Cyber Essentials?
A law firm’s greatest asset can often be its reputation, and it only takes one cyber incident for this reputation to be damaged beyond repair. However, if you are Cyber Essentials certified, then you are safe from over 80% of cyber attacks.
Cyber Essentials also helps reassure your Clients that you have good cyber hygiene and practices in place, especially regarding data protection, data handling and GDPR. Cyber Essentials can also support your Lexcel certification.
Does your law firm have a Cyber Incident Response Plan? Our Cyber Incident Response pack can help you prepare for, respond and recover from cyber incidents.
Does a manufacturing business need to think about Cyber Essentials?
Manufacturing is an attractive target for cybercriminals. So much so 48% of manufacturers see cyber security as an impediment to manufacturing & smart factory initiatives. And, with more back-office staff working from home on unsecured networks and devices, the risk is only growing.
Cyber Essentials is a government-backed certification that shows your business takes cybersecurity seriously. This makes you an attractive partner and reassures new and existing customers.
Depending on what your business manufactures, government contracts could be an important source of revenue. If this is the case, then your business will need a valid Cyber Essentials certificate to bid for them.
Cyber Essentials is mandatory for businesses looking for specific government contracts. Without Cyber Essentials, you cannot bid for such contracts. Often these contracts will involve delivering certain IT products and services and handling personal information.
Does my Business need Cyber Essentials Certification for Ministry of Defence Contracts contracts?
Yes - If your business will be bidding, or wants to bid, on Ministry of Defence contracts, then Cyber Essentials is a mandatory requirement.
This mandatory requirement for Ministry of Defence contracts also extends to their supply chain. So if your business is working on a contract with an MoD supply chain business, you will have to be accredited by Cyber Essentials.
Do I need to have Cyber Essentials before getting Cyber Essentials Plus?
Yes - If your business wishes to become Cyber Essentials Plus certified, you must first pass Cyber Essentials. In addition, you must take the Cyber Essentials Plus audit within three months from the date your Cyber Essentials certificate was awarded.
My business has Cyber Essentials. Do I need Cyber Essentials Plus?
There is no mandatory requirement for your business to obtain Cyber Essentials plus - If you wish to bid on government or MoD contracts, then you will need Cyber Essentials as a bare minimum. However, having Cyber Essentials Plus shows your company is going the extra mile to ensure security and data protection.
However, if you do not require this, then Cyber Essentials can make your organisation more resilient against the most common forms of cyber-attacks and demonstrate to your Clients that you are committed to being cyber secure.
How do I check if another organisation has a valid Cyber Essentials certificate?
Any business that passes Cyber Essentials and becomes accredited can advertise this by putting the Cyber Essentials badge on its website. If this is not present, however, IASME (the Cyber Essentials founders) have made a handy search tool that you can use.