What is Cyber Essentials Plus?

Believe it or not, across all UK businesses, there were approximately 2.39 million instances of cyber crime in the past 12 months. 

Yet, despite this, only 14% of businesses are reported to be aware of the Cyber Essentials scheme – which is specifically designed to help protect and safeguard businesses from around 80% of the most common cyber attacks. 

For some, cyber security may not be at the top of the list of priorities – whether it’s due to expense, lack of time and resource, or simply juggling more pressing issues. 

However, in an increasingly digital world, taking precautionary steps to protect your business from cyber crime is increasingly necessary.  

This security is exactly what Cyber Essentials Plus is designed to help you achieve – and it will give you that much needed peace of mind that your systems are secure and ready to face the threats to your business that may be lurking online. 

What’s the difference between Cyber Essentials and Cyber Essentials Plus? 

Cyber Essentials is an effective UK Government-backed scheme designed to help protect organisations, whatever the size, against a wide range of the most common cyber attacks. A self-assessed certification, it measures an organisation’s level of cyber security against five essential, basic controls: 

1. Firewalls
2. Secure configuration
3. User access controls
4. Malware protection
5. Security update management 

Through a self-assessment and questionnaire, businesses can be accredited the Cyber Essentials certification to showcase a basic level of cyber awareness and cyber security best practices. 

Where Cyber Essentials Plus comes in is as an extra level of security. The certification covers the same five basic principles, but with the additional layer of an external assessment involving a technical audit of your organisation’s systems. Where you can still pass with one or two non-compliances with the standard Cyber Essentials assessment, for Cyber Essentials Plus you will have 30 days to remediate before you can pass – making the requirements for the certification far more stringent and thorough. 

As part of the process, a qualified and independent assessor will examine the five controls, and simulate basic hacking and phishing attacks to test the system’s security.  

It’s a little more in-depth than Cyber Essentials, but the benefits of the extra certification are significant – especially for organisations that wish to bid for central government contracts.  

What are the benefits of a Cyber Essentials Plus certification? 

Of course, the most obvious and significant benefit of the Cyber Essentials Plus certification is the additional layer of security it offers your business.  

From SMEs to enterprise-level organisations – every business is at risk of cyber attacks. As most attacks look to exploit basic weaknesses such as outdated software or poorly configured firewalls, taking the time to identify and plug any gaps could save you significant costs and damage. 

With the comfort of an external assessment from a cyber security expert, you can rest assured that your business is as protected as it can be from the dangers online.  

 However, the benefits don’t stop there: 

1. Customer reassurance

As business is increasingly conducted online, customers can be understandably wary about the security of their personal data. From transaction details to addresses, birth dates and even medical records – almost all of our personal data is stored online. 

As such, customers need peace of mind that the companies they interact with have measures in place to protect their personal data – be it from data breaches, or any other cyber threats. 

If existing and prospective customers can see that your organisation has taken steps to better protect the business and the sensitive data it handles, it provides much-needed reassurance and could potentially attract new business in the long term. 

 2. Enhanced organisation-wide IT awareness

Cyber security starts with your employees – specifically, your employees’ level of cyber awareness and understanding of best practices. You can have all the best protection software installed, but if your employees are unaware of basic cyber security best practices, you will remain vulnerable. 

As part of the Cyber Essentials Plus certification, your organisation will have to showcase best practices, risk mitigation and basic defence systems that protect against the vast majority of common cyber attacks. In doing so, your teams will be educated on the importance of cyber security, how to identify a potential security breach, and what to do in the face of a cyber attack. 

This increased level of cyber awareness will help to keep your business protected for years to come. 

 3. The ability to bid for central government contracts

If you wish to bid for central government contracts that handle sensitive information or the provision of certain technical products and services, you will need to be Cyber Essentials certified.  This simply assures that your organisation is properly equipped to be handling sensitive data. 

 Contracts that require a Cyber Essentials certification include those that: 

• Deliver IT services designed to process, transfer or store data at an official level. 
• Handle the personal information of any UK citizens. 
• Handle government employees’ personal information, e.g. expenses or payroll. 

Of course, while it isn’t obligatory to take the additional Cyber Essentials Plus certification to partake in bidding, it can certainly offer your business a strong differentiator in what can often be very competitive markets.  

 4. Obtaining cyber insurance

Once you have the Cyber Essentials Plus certification, as a business you are entitled to automatically receive £25,000 in insurance if your annual turnover is under £20 million – helping small to medium-sized businesses gain peace of mind that, should a cyber attack slip through your defences, you have the financial cover you need to rectify any damage caused. 

How do I become Cyber Essentials Plus certified? 

The easiest way to navigate the Cyber Essentials journey is to have an experienced partner by your side. Our experts at Arc Systems are well-positioned to guide you throughout the process, helping you to prepare and pass each certification as smoothly and seamlessly as possible.  

The first step is to ensure you have received a base-level Cyber Essentials certification within the past 3 months. During this initial assessment, you will be asked to complete a questionnaire about your IT infrastructure. Upon completion, you will be notified if you passed. If not, you will have 3 days to fill any gaps that were identified, and re-submit the application with no extra costs. 

Once you have acquired an up-to-date Cyber Essentials certification, you can then apply for Cyber Essentials Plus, which our experts can help you to prepare for to ensure the best possible outcome.  

We’ll get you in touch with the certification body, who will then conduct either a remote or on-site assessment, and you will have 30 days to rectify any weaknesses identified. Once you have passed the test, you will then be CE Plus certified for the next 12 months – after which you will need to renew the certification. 

Ready to take the next step on your cyber security journey? Book your Cyber Security Review with our team to find out more about Cyber Essentials Plus, whether it’s right for your organisation, and how we can help you prepare for an upcoming assessment.