August 11th 2022
CYBER ESSENTIALS OR CYBER ESSENTIALS PLUS - WHICH IS RIGHT FOR YOUR BUSINESS?
The Cyber Essentials Scheme is a government scheme helping organisations of all sizes to protect themselves against cyber threats. Compliance with the scheme not only protects your data, but also signals to other companies and customers that you can be trusted with their information.
But with two levels of the scheme, 1) Cyber Essentials and 2) Cyber Essentials Plus, it can be difficult for businesses to know which actions to take to protect their data.
Cyber Essentials
The Cyber Essentials certification is a basic self-assessed certification process that covers 5 base-level technical controls that ensure cyber security for your organisation. These controls cover:
- Boundary Firewalls – your outermost barrier to the web.
- Secure Configuration – how easy it is to access your systems.
- User Access Control – who has permission to access, use, and change your systems.
- Malware Protection – a program in place to protect against malicious software.
- Patch Management – ensuring there are no gaps or holes in your systems and software.
Cyber Essentials Plus
Cyber Essentials Plus is an add-on to the Cyber Essentials certification. It covers the same 5 technical controls, but also includes a further independent assessment by an external, licensed auditor, to make sure your own assessments are sound.
Pros and Cons of the Two Certifications
When considering which is the right certification for your business, it’s important to assess the pros and cons:
- The Cyber Essentials certificate protects your organisation from around 80% of the most common cyber-attacks.
- The Cyber Essentials certificate will assure both you and your customers that your own checks are water-tight, and that your data, money, and privacy are protected.
- By extension, the Cyber Essentials Plus certificate will give all stakeholders the reassurance that their initial assessment is faultless, with confirmation from an external, unbiased invigilator.
- There is an initial cost of £300 for the Cyber Essentials certificate.
- To achieve the Cyber Essentials Plus certificate, you must pay for an external auditor's time, travel, and expenses, which can add up. If you are tech-savvy, and confident in your own computing abilities, you may want to consider if this extra cost is necessary.
- If your business is UK based, with a turnover less than £20m, and a CE certification to cover the entire business, you may be entitled to Cyber Liability Insurance with a total liable limit of £25,000.
So Which Certificate Is Best for You?
Ultimately, the decision comes down to:
- Whether or not you can afford the time and cost of an independent auditor.
- How you feel having the CE+ over the CE may impact your reputation; it may be that client trust and comfort increase if they know you have enacted every possible safety check.
- Whether or not you feel the need for further clarification on your initial self-assessment. If you yourself are reasonably tech-savvy, and trust your own assessment, it may be that an independent auditor would simply come in and confirm what you already know.
Get Certified Today
Data protection is, now more than ever, enormously important and a hot topic. A breach for your company could be harmful for both you and your clients; as such, cyber security is now a responsibility rather than a luxury.
At Lily, with the means and expertise to elevate your cyber security, we are dedicated to keeping both you and your customers safe. Head over to our Cyber Essentials page to get a quote for your certificate and start the journey towards cyber security.