Cyber Essentials


“The ICO supports the Cyber Essentials scheme and encourages businesses to be assessed against it. Protecting personal data depends on good cyber security, and the threats and challenges are getting ever more sophisticated. This scheme focuses on the core set of actions that businesses should be taking to protect themselves, their customers, and their brand.”

Christopher Graham, Information Commissioner, Information Commissioner’s Office (ICO)

Both public sector and private sector organisations are beginning to realise that even if they have implemented effective cyber security controls, their suppliers may provide a weak link. So, if any organisation wants to prove to its clients that it takes security seriously, getting Cyber Essentials certification is a very good first step. Cyber Essentials was launched in 2014 as part of the UK Government's National Cyber Security Strategy and introduces an entry-level cyber security standard that is achievable and affordable for any size of organisation across any type of business. It sets a baseline for cyber security and provides an independent assessment of the security controls that you need to have in place to mitigate risks from the most common forms of cyber threats.

Not only will your business be more secure, but displaying the Cyber Essentials ‘badge’ will demonstrate that you have taken steps to be cyber safe – giving you a distinct edge over your competitors. What’s more, the UK Government already mandates suppliers to be Cyber Essentials certified if they are bidding for contracts that involve handling sensitive and personal information.

The scheme focuses on five cyber security controls to help to reduce your company’s cyber risk. These are: boundary firewalls and internet gateways, secure configuration, access control, malware protection and patch management.

Malware Protection

Providing protection against malware is essential for every organisation. Whether it’s essential defence against known vulnerabilities or security against zero-day attacks or APTs (Advanced Persistent Threats), you need a solution that covers your entire network. Today’s environments are no longer simple – the core of a network may remain on-premise, but with public and private cloud deployments and the proliferation of mobile working, it’s essential to have a solution that delivers total coverage.

Bitdefender and Trend Micro can provide the security you need, whatever your infrastructure and endpoint requirements.

Patch Management

Considering that over 90% of cyber-attacks exploit known security flaws for which remediation is available [1], effective vulnerability and patch management should be on every company’s to-do list. By streamlining and automating vulnerability management processes, your organization can effectively address operating systems and application flaws. The ability to quickly patch third-party application vulnerabilities is also increasingly important as these risks are exploited with more frequency.

With HEAT PatchLink, you can automatically identify and patch heterogeneous operating systems, Microsoft security and non-security vulnerabilities, third-party applications, and endpoint configurations—all seamlessly managed through a single console.

Next steps with Cyber Essentials

Once a decision has been reached to proceed with a Cyber Essentials certification, a Certifying Body must be appointed to carry out the assessment. Organisations have a number of certified suppliers that they can select, all of whom have to be accredited by one of these four Government-appointed organisations: CREST and IASME, who contributed to the design and development of the scheme, along with APMG Group and QG Business Solutions. You can find out more about Cyber Essentials and how to select a company to help you on the Cyber Streetwise web site: at
