Is Cyber Essentials Worth It For Your Organisation?

Tarun Syal Oct 4, 2019

Put simply, you'd always want to protect data when possible, so yes, Cyber Essentials is worth it.

I know what you're thinking: why is Cyber Essentials worth it, and if the answer was that easy, then why does this question even exist?

Grab your tea with some biscuits and let's dive into this!

Can you explain what Cyber Essentials actually is?

Sure, in simple terms, Cyber Essentials helps you to protect your data against the most common cyber threats and helps demonstrate to your clients that you care about their data as well as your cyber security measures.

Cyber Essentials makes it easy to understand which areas of your Cyber Security require attention by setting the cyber security standards your organisation will be assessed against.

Cyber Essentials will also tell you where you need to improve and ensure you have the 'essentials' to become a cyber safe company.

There are five technical controls associated with Cyber Essentials, and this is usually where most people grab their reading glasses and stare intensely at their screen for 10 minutes. The good thing for you is that we've created an easy-to-understand infographic explaining the five controls below:

[Infographic: Cyber Essentials controls]

We're all the same really...

As you know, every organisation is different. From the size of the organisation to the leadership and culture inside the organisation, every single company is unique. However, there is one thing that all companies, including your company, have in common - all organisations hold data.

This data, your data, is under threat.

I hope you've eaten your biscuits, the next statistic will make you lose your appetite and in truth, it'll make you a little queasy.

According to the 2018 Cyber Security Breaches Survey, almost half of British organisations reported cyber security breaches or attacks over the 12 month period.


Scary right?

That's a LOT of organisations experiencing problems and that could include your organisation.

So you must be wondering, what exactly are these hackers and cyber criminals looking to do with your systems?

  • Hackers will be looking to infect your systems with Malware. Malware is software that is specifically designed to disrupt, damage, and gain unauthorised access to your computer systems.
  • Cyber criminals are incredibly clever and through the use of social engineering, they will find a way to the data that you care about most. This focuses on the use of deception to manipulate your employees into divulging confidential and personal information that will be used for fraudulent purposes.
  • All systems can have weaknesses and vulnerabilities. The weaknesses in your systems can be exploited by an attacker and your data will be breached.
  • With DDoS (Distributed Denial of Service) attacks, hackers use multiple systems to flood and target the bandwidth and resources of your systems. In 2018, a popular developer platform known as GitHub suffered one of the worst DDoS attacks in history as they were hit with traffic that clocked in at a record-breaking 1.35 terabits per second. The threat is seriously real: hackers and cyber criminals do not care about the lives we live, just the data we hold.

We're all in this together, we all have a duty to keep data protected from those who want to harm and manipulate our organisations. This is where Cyber Essentials can help us.

What Does Cyber Essentials Bring to the Table? (Hopefully more biscuits!)

With Cyber Essentials, the chance of a data breach in your organisation is reduced significantly, in fact, the cyber threat is reduced by approximately 80%. (Eight. Zero. You did just read that correctly!).

You might even have people in your ear begging you to invest in expensive cyber security tools when in reality, you only need to align yourself with the only UK standard, which is Cyber Essentials. Once you have Cyber Essentials, you can look to reduce the remaining 20% with those other tools.

When you are certified by an IASME certification body such as Cyber Tec Security, the requirements for GDPR are covered by the IASME Governance Standard and this can mean potentially avoiding the 4% charge of your global turnover if you have a security breach.

There are a number of ways in which Cyber Essentials can benefit your organisation, and you can view our 10 comprehensive, detailed ways in which it can do so.

Cyber Essentials vs Cyber Essentials Plus

We've found the culprits. These two levels of certification are the reason there is so much confusion in the industry around this question.

Knowing the difference between the two Cyber Essentials certifications is what will allow you to truly understand why this confusion has been caused in the first place.

So what is the difference?

Cyber Essentials, sometimes referred to as Cyber Essentials Basic, is a 'DIY' package. This means you can complete Cyber Essentials on your own and you will receive the certification for Cyber Essentials Basic.

Cyber Essentials Plus has the same requirements as Cyber Essentials, except the system tests are carried out by an external certifying body, using tools and techniques which an in-house team may not have access to. You need Cyber Essentials Basic to be eligible for the Cyber Essentials Plus scheme.

Put simply, Cyber Essentials shows your clients that you care about your cyber security whereas Cyber Essentials Plus shows your clients you are doing everything in your power to protect their data.

To know the difference between the two packages in more depth and detail, feel free to check out 'The difference between Cyber Essentials and Cyber Essentials Plus'. 


So Should I Get Cyber Essentials Basic or Cyber Essentials Plus?

You may have been advised in the past that your organisation needs Cyber Essentials, but the advisor failed to distinguish between the Cyber Essentials Basic package and the Cyber Essentials Plus package, hence causing the confusion.

The truth is, ALL organisations need Cyber Essentials Basic to protect themselves from today's cyber threat, but not all organisations need Cyber Essentials Plus at this very moment.

This is because the cost of Cyber Essentials Basic (£299) means any organisation can reduce their cyber threat by 80% at an affordable price. However, for a small organisation with no clients or client data, paying £3000 - £5000 for Cyber Essentials Plus may not be a top priority at this moment in time.

An organisation with clients that is looking to protect client data, as well as its own, would however need a Cyber Essentials Plus certification for a number of reasons, such as significantly reducing insurance premiums and securing lucrative Government contracts.

Imagine This Scenario

You are the managing director of a law firm with a global turnover of £10,000,000.

A hacker breaches your systems and gains unauthorised access to funds as well as the personal data of every client you have.

All data associated with your organisation is exposed and GDPR regulations have been breached.

Now, the ramifications of this are disastrous.

Without Cyber Essentials Plus, the Information Commissioner's Office can conclude you did not do everything in your power to stop this breach and you will be charged 4% of your global turnover (£400,000).

Oh and believe me, this is nothing in comparison to the damage done to your reputation, especially when you have to notify your clients of the breach within 72 hours.

Would you expect any of this law firm's clients to remain with them after this breach? 


So as you can imagine, this law firm would view Cyber Essentials as an investment rather than a cost as it would save their organisation from serious harm if they were to ever experience a breach. 

According to the head of the UK's National Cyber Security Centre, we will all experience a breach or an attack at some point. So for this firm, Cyber Essentials would certainly be worth it.

As you can see, this is why there was so much confusion. People will put Cyber Essentials Basic and Cyber Essentials Plus in the exact same boat. So really, the question shouldn't be "Is Cyber Essentials worth it?" but rather "Is Cyber Essentials Plus worth it for your organisation?" and for organisations with clientele, it is essential.

Earlier in this article, I mentioned how almost half the UK experienced a breach or an attack, but because of schemes such as Cyber Essentials, British organisations have seen an 11% decrease in cyber security breaches or attacks according to the 2019 Cyber Security Breaches Survey.

The proof is in the pudding: once you take your cyber security seriously, a lot of your issues today are not an issue tomorrow.

If you would like to learn more about Cyber Essentials, we have created the Ultimate Guide to Cyber Essentials to help you on your journey to understanding Cyber Essentials and how it can help your organisation.
