Do You Know About Cyber Essentials?

28/11/23 Wavenet
Do You Know About Cyber Essentials?

A critical element to the longevity and survival of any business is that they adopt an all-encompassing cyber security and disaster recovery strategy. Advancements in technology mean that the world is becoming more digitised and, as this trend grows, cyber-crime grows alongside it. From customer service to communication and accounting, there is a heavy reliance on technology for many enterprise operations. From hosted desktops to cloud backup and virtualisation, software and computing has become integral for every business. But as companies have become savvier, so have the cyber-criminals looking for vulnerabilities – there have been instances where sophisticated hackers have been able to orchestrate attacks without disrupting a business’s day-to-day operations. 

When IT managers, business owners, MDs and CEOs embark on cyber-security awareness training and sign-up to Cyber Essentials, their employees are brought up to speed on their IT security procedures, best practices, and policies. They can then pass this training on to their employees, making sure that their colleagues are not only aware of these policies but can understand and follow best practices. 

What is Cyber Essentials? 

Cyber Essentials is a UK Government accreditation that is operated by the National Cyber Security Centre (NCSC). This information assurance scheme encourages SMEs and organisations to assume good practice in information and cyber security. There are two forms of Cyber Essentials: the initial Cyber Essentials accredited through the completion of a self-assessment form, and the more advanced Cyber Essentials Plus. 

Both consist of understanding and meeting five key cyber security controls. However, while Cyber Essentials is achieved through the completion of a self-assessment questionnaire, Cyber Essentials Plus involves being examined by an external, certified body on your premises. Due to this, Cyber Essentials Plus is particularly designed for those organisations with a more complex IT infrastructure. 

Why is Cyber Essentials important? 

No cyber security strategy will protect you 100% against a cyber-attack, but you can certainly put procedures in place to minimise the risk of one, and this is what the Cyber Essentials scheme aims to do. The accreditation has a tough base that helps to reduce the risk of these ever-growing cyber-attacks. 

A ransomware attack or serious data breach could have a detrimental impact on a company. From financial devastation to destroying their reputation, the effects of an attack should not ever be underestimated. When a business signs up to the Cyber Essentials scheme, they are required to self-assess their security against an assessor company’s questionnaire. Once they have completed the assessment, it is then verified and signed off by a senior executive. Every aspect of the company’s security policies will be scrutinised, uncovering weaknesses that will then get your employees thinking about cyber security. 

What’s worrying is that a staggering number of UK businesses are unaware of the Government-backed accreditation.  

Your Employees Pose the Biggest Threat 

But why should this be a concern? According to the Government’s Cyber Security Breaches Survey 2022, 39% of businesses experienced cyber security breaches or attacks over the last 12 months, and of those businesses, 56% held personal data on customers in the cloud. Alongside this, 90% of cyber-crime stems from human error, which means uneducated employees pose a huge risk to the security of your business. 

When there are schemes and methods out there to help prevent a data breach or attack, it is inexcusable for CEOs, MDs, IT Managers and Owners to claim ignorance in the world of cyber security.  

To put this in perspective, more than 333 billion consumer and business emails were sent per day in 2022, and this number is expected to rise to 393.5 billion by 2026. Alongside this, it is thought that 156 million phishing emails are sent every day, and of those, sixteen million will manage to surpass filters. Of the 10% that make it through the spam filters, half of them will be opened, and 10% of those click on phishing links. While only 10% of phishing emails make it through, unsuspecting victims are still opening these emails and clicking through, which means that malware is being downloaded onto business networks and infiltrating sensitive customer data. This begs the question - can a company really afford to go without a Cyber Essentials Accreditation?  

What’s Stopping Businesses Become Cyber Aware?  

Educating employees and understanding risk is crucial for businesses wanting to protect themselves against data breaches and cyber-crime, so what is stopping decision makers from getting a Cyber Essentials Accreditation? According to the survey, 67% of IT managers said that a lack of understanding of what this government-backed scheme was had stopped them applying. Alongside this, 29% said that they did not think it was important for their cyber security strategy, and 42% cited a lack of funds as the reason.  

While there’s clearly ignorance surrounding cyber security awareness, 81% of the businesses surveyed said that they were Cyber Essentials certified, and 69% reported that they understood the benefits of being so. Meanwhile, 84% said that having the accreditation helped them win more businesses. 

The benefits of Cyber Essentials Accreditation 

There is no denying that there is a clear case for IT decision makers to ensure that their business is Cyber Essentials certified. From helping you become GDPR compliant to reaffirming trust with your clients and customers, to scoring new business deals, the benefits of obtaining Cyber Essentials accreditation far outweigh the financial cost of it. 

Upgrading to Cyber Essentials Plus brings additional benefits. While Cyber Essentials shows your customers that you take cyber security seriously, Cyber Essentials Plus gives further validation to this, demonstrating that you can adhere to the requirements in practice and have the necessary measures in place. As this is verified by a third party, this shows that your organisation has an even higher commitment to security. 

Paul Colwell, Chief Technology Officer at Wavenet CyberGuard states:

“Here at Wavenet CyberGuard, we encourage companies to become Cyber Essentials certified since it can help protect against most common cyber-attacks. In 2023, it should be paramount that businesses who rely on technology protect customer and employee information - as well as their own. Becoming Cyber Essentials certified is a great start to implementing strong and secure cyber security practices.”

Get in touch with Wavenet CyberGuard and find out more about becoming Cyber Essentials certified today. 

Cyber Security

Latest blogs

See all posts
Placeholder thumbnail
You’re probably right about your security gaps, here’s how to prove it

Have you carried out your penetration testing yet? Whether the answer is yes or no, it’s vital to ask whether you’re testing the right things - or simply making assumptions.

Read more
cyber security
What is VAPT? A complete guide to Vulnerability Assessment and Penetration Testing

With cyber threats posing a serious risk to businesses of all sizes, attackers are constantly probing networks, applications, and systems for weaknesses - and unless organisations take proactive steps to identify and remediate those vulnerabilities, costly data breaches are increasingly likely.

Read more
Placeholder thumbnail
Business continuity software: from compliance tool to strategic advantage

For many organisations, business continuity software still sits in the category of “necessary but non-essential”, a line item justified by regulation or audit, rather than by value. Too often, it’s viewed as an insurance policy that rarely gets used and delivers little measurable return. That perception is understandable. But it’s also fundamentally flawed. After more than three decades working across business continuity, operational resilience, and crisis management, I’ve seen first-hand how organisations behave under pressure. I’ve also worked with a wide range of continuity platforms, some impressive, others far less so. What has become increasingly clear is this: when the right software is implemented well, it materially strengthens an organisation’s ability to withstand disruption. And the larger and more complex the organisation, the greater that advantage becomes. Clarity in the moments that matter most Disruption compresses time and amplifies uncertainty. In those moments, resilience is not about having a document on a shelf, it’s about having absolute clarity on what needs to happen next. When an incident unfolds, leaders and response teams must be able to answer critical questions immediately: What actions need to be taken, and in what order? Who needs to be informed, and what do they need to know? Which services are truly critical and must be prioritised? Where and how will those services be recovered? And if recovery isn’t possible, what is the agreed fallback? Most organisations already hold the answers to these questions, but they’re scattered across spreadsheets, documents, and systems, often owned by different teams and updated at different times. In a crisis, that fragmentation quickly becomes a liability. This is where business continuity software proves its value. At its best, business continuity software does far more than store plans. It helps organisations understand themselves. By capturing and structuring information on critical services, recovery objectives, and the dependencies that underpin them, these platforms provide visibility that simply isn’t achievable through manual approaches alone. Technology, suppliers, facilities, data, and key people can all be mapped in a way that shows not just what’s important, but why it’s important and what it depends on. This insight enables organisations to create clear, actionable response strategies, playbooks, and contact groups that can be relied upon under pressure. It also allows teams to challenge assumptions, identify single points of failure, and uncover hidden risks before an incident exposes them. Many modern platforms also support real-time dependency analysis and data-gap reporting. This makes it possible to visualise upstream and downstream impacts and quickly understand the consequences of disruption. Attempting this level of analysis using spreadsheets or disconnected documents is slow, inefficient, and highly prone to human error, particularly during an incident. A single source of truth, when you need it most Another often overlooked benefit of business continuity software is the ability to act as a central, trusted source of truth. When offices are inaccessible, internal systems are unavailable, or teams are working remotely, continuity information still needs to be accessible. Secure, off-site platforms, typically available via both web browser and mobile, ensure that plans, contacts, and response information remain available even when the organisation itself is under strain. In practice, this accessibility can be the difference between a coordinated response and a reactive scramble. How business continuity software supports resilience Increasingly, business continuity software is being used not just to support response, but to underpin broader operational resilience objectives. Platforms such as Shadow-Planner, for example, are designed to help organisations move beyond static documentation and treat resilience as a living capability. By bringing together critical service identification, dependency mapping, recovery planning, and crisis response within a single environment, such tools help organisations maintain a clear, current view of their operational risk landscape. Used effectively, business continuity software supports better decision-making, clearer accountability, and faster mobilisation during disruption. It reduces reliance on individual knowledge, simplifies complexity, and helps ensure that the right information is available to the right people at the right time. Key takeaways Business continuity software should not be viewed as a compliance artefact or an emergency-only tool. When implemented and maintained properly, it becomes a strategic enabler, one that reduces risk, strengthens preparedness, and supports confident, coordinated action when disruption occurs. In an environment where resilience is increasingly scrutinised by regulators, customers, and boards alike, the real value of these platforms lies not in the software itself, but in the organisational clarity they enable. The right business continuity software doesn’t just help organisations respond to incidents. It helps make them stronger. By embedding resilience into everyday operations, it improves visibility of critical services, keeps plans accurate and actionable, and supports better decision-making. Business continuity becomes part of how the organisation operates, not just something it turns to in a crisis. About the author Colin Jeffs MBCI transitioned into business continuity from IT project management, where resilience was a core requirement of system implementation. He has over 30 years’ experience in business continuity, operational resilience, and crisis management, holding senior leadership roles within major financial institutions in the City of London. Colin now leads Wavenet’s award-winning operational resilience consulting and software division and co-designed the latest version of Shadow-Planner.

Read more
Placeholder thumbnail
What is XDR? The benefits of managed XDR for cyber security

What does XDR stand for? XDR stands for Extended Detection and Response. It is an integrated cyber security approach designed to deliver comprehensive visibility across an organisation’s entire IT environment.

Read more
managed soc
What is a Managed SOC? Key benefits and how it protects your business

With cyber security threats evolving at an unprecedented pace - businesses face constant challenges in safeguarding their data and systems. Managed Security Operations Centres (SOCs) offer a solution to these challenges. They provide round-the-clock monitoring and management of security incidents. This service is crucial for businesses aiming to protect their assets.

Read more
colocation-services
Major business benefits of colocation: cost, efficiency, security & continuity

Managing servers and infrastructure can be costly and complex. Colocation services offer a strategic solution.

Read more

Stay service-savvy

Get all the latest news and insights straight to your inbox.