In July of 2023, the UK’s Department of Science, Innovation, and Technology commissioned a private party to evaluate the impact of a certain cyber security initiative.
The results were eye-opening: it was effective against 99% of internet-originating vulnerabilities, and 82% of surveyed users were confident that it kept their organizations and systems safe from the most common threats.
There’s more: 91% (!) of surveyed users agreed that the scheme reduced cyber risks. This initiative was none other than Cyber Essentials.
But what does it mean? Do you even need it? Why even bother? And what’s the thing with Cyber Essentials and Cyber Essentials Plus? Read on to get all your answers.
Cyber Essentials Plus is part of the UK government’s Cyber Essentials scheme—a mandatory cyber security initiative that helps organizations avoid common cyber threats.
This certification has two levels: Cyber Essentials and Cyber Essentials Plus.
Cyber Essentials is a basic questionnaire-type assessment for smaller organizations, while the Plus version measures your organization's real-life security posture with a technical audit.
The certification keeps you protected, signals your commitment to security, and helps you save a ton on fines and legal fees.
Cyber Essentials Plus follows a sequential pattern—you must be certified with the level 1 questionnaire to proceed with Plus.
The five technical controls—firewalls, secure configuration, user access control, malware protection, and patch management—are at the core of Cyber Essentials.
These five controls keep around 80% of common cyber attacks at bay.