Cyber Essentials - OFFICIAL SITE

Cyber attacks cost organisations like yours thousands of pounds and cause lengthy periods of disruption. Do you have a plan for what you would do if your customer database was stolen, your website was forced offline, or you couldn’t access your email or business-critical data?

Cyber criminals don’t just attack banks and large companies - they target any organisation which isn’t properly protected, even small businesses - like yours.

The majority of cyber attacks exploit basic weaknesses in your IT systems and software. Cyber Essentials shows you how to address those basics and prevent the most common attacks. The scheme is designed by Government to make it easy for you to protect yourself.

Get Cyber Essentials

Why should I get Cyber Essentials?

Cyber Essentials helps prevent the vast majority of cyber attacks. Even a simple virus or piece of malware could result in loss of company and client data, disrupt your cashflow and take up staff time. An attack could also put off your customers, stop you trading and damage your hard-earned reputation. It could also be reported in the local media. Loss of data could breach the Data Protection Act and lead to fines or prosecution.

Having a Cyber Essentials badge will

Protect your organisation against common cyber threats
Show your customers you take this issue seriously
Enable you to bid for Government contracts.

Since October 2014 Cyber Essentials has been mandatory for suppliers of Government contracts which involve handling personal information and providing some ICT products and services. Holding a Cyber Essentials badge enables you to bid for these contracts. Find out more here.

Get Cyber Essentials

The Cyber Essentials badge allows your organisation to advertise that it meets a Government-endorsed standard.

There are two levels of badges that your organisation can apply for:

Cyber Essentials

Requires the organisation to complete a self-assessment questionnaire, with responses independently reviewed by an external certifying body.

Cyber Essentials PLUS

This covers the same requirements as Cyber Essentials but tests of the systems are carried out by an external certifying body, using a range of tools and techniques.

The Cyber Essentials documents are FREE to download and any organisation can use them to put essential security controls in place. However, applying for a Cyber Essentials certificate will provide independent assurance that you have the protections correctly in place. You will also be able to display the Cyber Essentials badge to demonstrate to customers, partners and clients that you take cyber security seriously - boosting reputations and providing a competitive selling point.

What Industry has to say about Cyber Essentials

Prev Next

“The Information Commissioner’s Office supports the Cyber Essentials scheme and encourages businesses to be assessed against it. Protecting personal data depends on good cyber security, and the threats and challenges are getting ever more sophisticated. All too often organisations fail at the basics. This scheme focuses on the core set of actions that businesses should be taking to protect themselves, their customers, and their brand. Cyber Essentials enables businesses to demonstrate that they are taking action to control the risks”

Christopher Graham, Information Commissioner, Information Commissioner’s Office

“Increasing awareness of the cyber security threat to business is an important issue to the CBI, so we are pleased to be one of the first organisations to take part in the Cyber Essentials scheme. Business leaders will benefit from the access to helpful and authoritative cyber security guidance. Encouraging firms to adopt this scheme is a positive step towards greater awareness of cyber security and more widespread action to manage the risks”

John Cridland, Director General, Confederation of British Industry

“Cyber crime poses a real and growing threat for all businesses and small firms in particular and should not be ignored. Many businesses take steps to protect themselves but the cost of crime can act as a barrier to growth. For example, some businesses refrain from embracing new technology as they fear the repercussions and do not believe they will get adequate protection from crime. In the face of an ever increasing threat of cyber attacks, the FSB supports the Cyber Essentials scheme as an additional and important tool, designed to help reduce the risk to small firms and improve the resilience of the sector”

Mike Cherry, National Policy Chairman, Federation of Small Businesses

“AIG is pleased to support the Cyber Essentials Scheme, which provides an effective way for organisations to manage essential cybersecurity risks. As part of our commitment to the programme, we will incorporate Cyber Essentials into our risk assessment process for new cyber insurance policies, offering preferential rates to those prospective AIG clients who have obtained a Cyber Essentials Certificate as part of our commitment to superior cyber hygiene and overall cyber risk management.”

Jamie Bouloux, Cyber Liability Underwriting Manager of insurance firm AIG

“As a global leader in insurance broking and risk management, Marsh designs and delivers solutions that enable companies to protect themselves against cyber risks. We welcome this new government initiative to improve security practice to an accredited standard and believe it will make insurance more attainable for UK businesses.”

Mark Weil, Chief Executive of insurance broker Marsh UK and Ireland

“ICAEW Chartered Accountants frequently handle sensitive financial information, making data security and risk management central to the work we do. This is why the ICAEW is committed to raising standards of cyber security within the profession, and the wider business community as a whole. The Cyber Essentials scheme provides an industry standard to show that a business cares about its own data - and its customers. That’s why ICAEW worked with government and other industry professionals to develop the scheme, in order to provide a greater standard of cyber hygiene amongst all UK businesses, regardless of size or sector”

Michael M D Izza, Chief Executive, ICAEW

“Our customers depend on us to provide secure infrastructure for broadcast and telecommunications services and so we are always looking at ways to improve how we manage cyber security threats. Cyber Essentials is as relevant to large, critical infrastructure businesses as it is to organisations who face lower levels of cyber risk. In addition to our existing end to end ISO27001 certification, we are adopting the Scheme and encouraging our suppliers to adopt it as well”

Richard Beck, Head of Information Security, Arqiva

“Swiss Re Corporate Solutions supports the Cyber Essentials scheme since it defines well the basic requirements in cyber risk management and believes it will be valuable to insurers in making judgements about how well businesses are managing their cyber security risks”

Willy Stoessel, Global Head of Cyber, Swiss Re Corporate Solutions

“The Cyber Essentials Scheme will positively impact the wider UK economy by raising the bar for opportunist attackers. The scheme will identify the essential security controls organisations, particularly small to medium enterprises (SMEs), need within their IT Systems to increase their cyber resilience. It will also help SMEs improve their cyber posture and give them confidence that they are beginning to mitigate cyber risk.”

James Nunn-Price, UK cyber partner at Deloitte

“HP welcomes the introduction of this Scheme as it provides a clear means to demonstrate our own technical cyber safeguards are in place and and a means to assess and assist our supply base. We will seek to help our SME community to undergo their own registration”

Andy Thornton, VP COO & SIRO of HP UK Public sector

"IRM regularly sees the damaging commercial and personal consequences of weak cyber security. As an early adopter of Cyber Essentials ourselves, we’re keen that as many organisations as possible start implementing its principles at the earliest opportunity."

Jeremy Harrison Interim Chief Executive, Institute of Risk Management

"BIBA see the launch of Cyber Essentials as a welcome development in the practice of cyber risk management. Cyber Essentials will help our members better assess clients looking for insurance cover and help those clients implement basic technical protection in their business."

Graeme Trudgill, Executive Director of the British Insurance Brokers Association (BIBA)

"The International Underwriting Association supports the Cyber Essentials Scheme as a basic standard in line with promoting good risk management and raising awareness of cyber risks."

International Underwriting Association (IUA)

"We have all seen various presentations and articles about the development of the Cyber Essentials scheme - if not, where have you been? On seeing the list of five controls, I did ask "is that all? - we need 10 Steps to do Cyber?" Was it worth it? Time will tell about the success of the overall scheme, but I learned a number of things while doing it. It forced me to look in detail at my business, rather than taking things for granted - "I do IT security so we must be okay". There is also the pleasure in talking to other larger security companies and asking them, "If it is so basic, why they are not certified?"

Ed Moses, CLAS consultant Specialist Industries Limited

Self-Assessment Questionnaire

Cyber Essentials sets out five security controls to protect your organisation against the most common cyber threats. Take this quick test to get an idea of how you measure up. You can then decide whether to apply for one of the Cyber Essentials badges.

Please note this questionnaire is an example of the questions asked in the formal assessment for Cyber Essentials. It will not save your answers.

Protect your business against cyber threats

Self-Assessment Questionnaire