Cyber Essentials is Coming to America! What Does This Mean for SMEs?

Written by Sam Jones
Nov 13, 2019 - 4 minute read

The UK Cyber Essentials scheme has been a huge success. CISA has decided to bring the scheme to America for their SMEs. Here's what it means...

If the UK has something good, you can almost guarantee America will find a way to rebrand it for their audience.

I mean, The Office has a US version and it doesn't even come close to the UK version (this isn't up for debate, by the way).


Usually, you'd hear a few British groans when Americans adopt something inherently British, but this news has had a completely different reception.

Brits were happy, proud and pleased.

And rightly so.

What is Cyber Essentials?

Cyber Essentials is a cyber security certification designed by the government to make it simple for organisations to protect themselves against common cyber threats. In fact, the scheme cuts this cyber threat by approximately 80%.

There is an impression that cyber security is expensive and can only be utilised by big organisations with millions in revenue.

The UK Government couldn't sit back and watch hundreds of their small and medium enterprises suffer after a breach.

And this is why Cyber Essentials exists: it provides businesses with an affordable way to protect themselves from the ever-increasing cyber threat.

Of course, there are more benefits than just protection which you can view here.


Why did CISA choose to create their own Cyber Essentials?

If we put outdoing Britain to one side for a moment, the Cybersecurity and Infrastructure Security Agency (CISA) knew America needed something to protect their small and medium enterprises (SMEs).

Breaches can cost companies up to $200,000 and most SMEs cannot afford such a cost.

Just like the UK government, CISA did not want to sit back and watch hardworking businesses go out of business.

In 2019 alone, the UK had over 14,000 businesses become certified for Cyber Essentials. There was also an 11% fall in the number of businesses that were breached from 2017 to 2019.

Whilst the National Cyber Security Centre's mission of having every UK organisation certified is still far from complete, the scheme is certainly heading in the right direction.

Thanks to its early success, it's now heading to America.

What does this mean for American SMEs?

CISA have explained that Cyber Essentials enables businesses to create a culture of cyber readiness. This means that with Cyber Essentials, you begin your cybersecurity journey with your entire organisation on board.

CISA have highlighted five areas which will allow businesses to create this culture:

1) Leadership

The leaders within organisations will be expected to drive cybersecurity investment, strategy and culture. This requires investing time into building a trusted network of sector agencies and government officials to access cyber threat information on time.

2) Staff

The staff within organisations will be expected to develop security awareness and vigilance by making smart choices online, undertaking training and taking the time to keep up to date with the industry.

3) Systems

The systems will need to be ready to protect critical assets and applications. This involves:

  • Leveraging automatic updates for all operating systems and third party software
  • Implementing secure configurations
  • Removing all unauthorised software and hardware
  • Leveraging email and web settings to protect against phishing emails and unsecured webpages
  • Creating application integrity and whitelisting policies

4) Surroundings

The surroundings need to ensure that high-level access is only given to those who need it, and this means controlling and understanding the network.

Also, this means developing policies and procedures that will enable each user to have the right level of access.

5) Data

The data needs to be backed up to avoid loss of information critical to operations, and staff need to ensure they take the time to understand how data can be protected.

6) Actions

The actions staff take under the stress of a breach can limit damage and quicken restoration of normal operations.

If you're in the cyber space, you may be thinking this sounds quite familiar. This is because Cyber Essentials will be consistent with the popular NIST Cybersecurity Framework, which has five functions:

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover

CISA have made a huge statement to the world by bringing Cyber Essentials to North America, and you'll most likely see other countries follow in their footsteps.

If you're interested in learning more about how Cyber Essentials works in the UK, feel free to read the Ultimate Guide to Cyber Essentials which will answer every question ever asked around Cyber Essentials.

