What are the commercial opportunities with Cyber Essentials?
Is Cyber Essentials all about security, or are there commercial benefits too? The truth is, they’re one and the same. By working your way through the Cyber Essentials Checklist, you make sure that the fundamentals of your cyber security are solid, which is as commercial as any of your business initiatives.
Here’s how Cyber Essentials supports business growth.
Cyber Essentials protects your margins
The average cost of a cyber attack in the UK is now £15,300. With all the potential downtime, fines, ransomware payments (if you pay them), and cost of assistance in resolving cyber breaches, most businesses find inadequate cyber security to be an unacceptable risk.
Cyber Essentials assesses that you have the basics in place, and that there aren’t any glaring holes in your security through which a threat can easily enter. Just by having security fundamentals, you’re a less attractive target.
There is also the added benefit that if your turnover is over £20 million and you have a Cyber Essentials certification, you automatically have £25,000 of cyber insurance. So if there is a breach, your certification can cover at least some of the associated costs.
Cyber Essentials attracts new customers and broadens your potential client base
If you have Cyber Essentials, you have a competitive edge.
Businesses are increasingly conscious of supply chain security, and are asking prospective partners to prove their security credentials as part of their wider cybersecurity audit. Only 6% of businesses have the certification, so you probably have something that your competitors don’t.
If you also target the public sector, Cyber Essentials is a minimum requirement for some government contracts. Even for tenders that don’t specifically require the certification, having it will give a better impression of your bid.
Cyber Essentials helps you retain customers
In the same way that prospective customers may expect you to have Cyber Essentials, your existing clients may be undergoing a cybersecurity audit, and expect some demonstration of your cybersecurity. Anyone who is undergoing that kind of audit will almost certainly recognise Cyber Essentials, so having it means you have a very quick and easy way to provide the reassurance that your clients need.
On the subject of supply chain security, having a Cyber Essentials level of security can prevent attacks from getting to your clients through you. Any breaches or incidents that you’re ‘responsible’ for can sour your commercial relationship, and a client might prefer to take their business elsewhere.
If you do have Cyber essentials, it’s not a guarantee that nothing will get through, but it can lessen the fallout of an attack. The fact that you have the certification might not make the immediate situation any easier for your client, but in a debrief or a ‘post-mortem’ on the breach, you will at least be able to demonstrate that you had done your due diligence on your cyber security. That will make it harder for the client to hold the attack against you.
How to work through your Cyber Essentials Checklist
There are five areas that the Cyber Essentials measures.
- Firewalls
- Secure configuration
- User access control
- Malware protection
- Security update management
You can read more about the requirements here, and if you’d like an expert, outsider assessment of how far you are from meeting the Cyber Essentials criteria, you can book a cyber security review here.
At Arc, we offer a comprehensive cyber security assessment, to show you where you need to tighten your security measures, and help you make the changes you need to confidently apply for your Cyber Essentials certification.