Almost two-thirds (64%) of Cyber Essentials users agree that being certified through the scheme better enables their organisation to identify where they experience a common, unsophisticated cyber attack.
Cyber Essentials is a government scheme that provides guidance and auditing on security measures that prevent organisations falling victim to cyber attacks that exploit basic IT vulnerabilities. These include measures such as installing firewalls to protect a company’s network and implementing malware protection to safeguard systems against malicious software.
The survey, conducted by Pye Tait Consulting for the Department of Science, Innovation and Technology (DSIT), reported that Cyber Essentials users rate their level of concern about potentially falling victim to a cyber attack at 5.8 out of 10 – significantly higher than organisations that had never obtained certification (3.7 out of 10).
According to DSIT, there is greater risk awareness among users, fuelling a heightened sense of concern about the potential threats around them.
Based on a poll of 606 respondents, Pye Tait Consulting’s survey found that Cyber Essentials users rate the perceived significance of impact on their organisation more highly than organisations that had never obtained Cyber Essentials in terms of the reputational, financial and legal effects. DSIT said this suggests the combination of being better informed and more concerned means users are more appreciative of the potential impact of an attack for their organisation.
The survey results tie in with the 10th anniversary of the cyber security scheme. “Cyber Essentials has been central in protecting UK businesses and organisations from cyber threats by providing straightforward, effective protections that stop the vast majority of attacks,” said Feryal Clark, minister for artificial intelligence and digital government.
“As we mark its 10th anniversary, I urge more businesses, organisations and their suppliers to adopt Cyber Essentials. With the number of threats we face online continuing to grow, it’s a vital tool for any organisation to make sure they can stay safe and secure.”
Discussing the UK threat landscape, NCSC deputy director for cyber growth Chris Ensor said: “As the cyber threat landscape evolves, attackers continue to exploit the same vulnerabilities which they targeted back in 2014, when the Cyber Essentials scheme was first launched.
“That’s why I strongly urge all organisations to make Cyber Essentials a foundational part of their cyber resilience.”
In a recent Computer Weekly article, former Dorset Police cyber crime detective sergeant Adam Pilton said: “In the broadest possible terms, Cyber Essentials has been successful. This is because it has helped many organisations get cyber security basics in place.”
Pilton, who is a cyber security consultant at CyberSmart, noted that there is still less awareness among smaller businesses of cyber security best practices.
“SMEs are chronically under-serviced, and their concerns from a security perspective do not generate the same kind of attention as those of an enterprise,” he said. “As such, the educational work around Cyber Essentials, and SME security more generally, hasn’t been done to the same level as it has for enterprise organisations. This means the perception of security as ‘too complex’ for small businesses persists.”