The Impact of Cyber Essentials: a ten year evaluation
The Government has carried out an evaluation of Cyber Essentials, a long-standing cybersecurity initiative first introduced in 2014. Here we detail the main points but if you’d like to read the report you can find it here.
Key Points:
- Cyber Essentials operates as a partnership between the Department of Science, Innovation and Technology (DSIT) and the National Cyber Security Centre (NCSC), facilitated by IASME Consortium Ltd (IASME).
- 27,027 unique Cyber Essentials certifications over its’ lifetime and an additional 8,407 organisations certified with Cyber Essentials Plus as of May 2023. Although uptake remains relatively low, the rate of adoption is steadily increasing.
- The challenge of increasing Cyber Essentials adoption, considering the low uptake rate relative to the UK’s 1.1 million employing organisations.
Main Conclusions:
- Most organisations adopt Cyber Essentials in response to specific incidents, indicating a reactive approach rather than proactive cybersecurity measures.
- It is important to promote the dangers and risks associated with cyber threats to raise awareness and emphasise the need for proactive cybersecurity practices.
- Cyber Essentials has contributed to improving cyber behaviours, but opinions on the value for money remain divided.
- Recognise the substantial obstacles faced by both large and small organisations in meeting the technical controls required by Cyber Essentials.
Recommendations:
- Increase awareness of cyber threats and provide organisations with informed choices about suitable cybersecurity solutions.
- Improve the availability of comprehensive information, tools, and guidance related to Cyber Essentials, empowering organisations to navigate the certification process more effectively.
- Provide tailored support for organisations by developing customised information and marketing materials to cater to the specific needs of organisations of different sizes and types.
- Consider adapting the Cyber Essentials scheme to be more responsive to the evolving needs of current users, ensuring its continued relevance and effectiveness.
By addressing these findings Cyber Essentials can better equip organisations to navigate the evolving cybersecurity landscape and protect themselves against emerging threats.
If you’d like help to achieve Cyber Essentials or Cyber Essentials Plus give Cyber & Data Protection Limited a call on 01743 644404.