APMG Cyber Essentials is the quickest and most secure way to get certified.
Cyber Essentials is an industry supported certification scheme developed by the UK Government. The certification scheme provides criteria for organizations to measure their cyber-security systems by measuring and implementing 5 key controls, that can prevent 80% of cyber attacks.
The government's Cyber Essentials page states: "Cyber criminals don’t just attack banks and large companies - they target any organisation which isn’t properly protected, even small businesses - like yours".
Cyber Essentials has numerous benefits for organisations looking to acheieve certification to the scheme.
- It's cost-effective. The standard cyber essentials certification with APMG will always be £300+Vat. When seeking out cyber insurance, a cyber essentials certificate for your organisation can significantly lower your premium.
- It's government endorsed. Cyber Essentials is a government endorsed certification scheme, which allows your organisation to bid for government contracts. We've seen an exponential increase in organisations making Cyber Essentials mandatory for their supply chain, especially for government sectors such as the Ministry Of Defence (MOD) or the Nuclear Decommisioning authority (NDA).
- Stand out from your competitors. By displaying the certification badge on your website, you are demonstrating to your clients that your organisation has met government standards to ensure measures in place for keeping the clients' information secure.
- Meet the new EU General Data Protection Regulation (GDPR) requirements. When the new GDPR rules reach the UK, organisations can be fined from the EU 4% of their annual global turnover if they suffer from a breach. Cyber Essentials implementation will help organizations meet the requirements.
The cyber space climate is such that instances of cyber security breaches are becoming increasingly frequent. Many organizations are making the wise move of implementing controls such as ISO27001 - but such efforts only constitute a single aspect of an over-arching cyber security strategy.
Cyber Essentials has been developed to address the need for government and wider industry to ensure that their partners and suppliers are implementing a standard level of cyber security. Certification in Cyber Essentials not only instils confidence in the organization achieving certification – but allows the organization to provide evidence to its customers and stakeholders that their assets and data are resilient against cyber threats.
- Boundary firewalls and internet gateways – prevention of unauthorized access
- Secure configuration – ensures secure system configuration
- Access Control – ensures appropriate access to systems
- Malware protection – installation and maintenance of virus and malware protection
- Patch management – application of patches and ensuring the latest version of applications is used
Cyber Essentials certification will provide a basic level of confidence that an organization has implemented cyber security controls effectively.
Cyber Essentials Plus builds on the Cyber Essentials foundations. Certification at this level tests whether the organization’s implemented controls are sufficient to protect against internet based threats. Achieving Cyber Essentials Plus certification is more challenging than achieving the standard Cyber Essentials certification, and includes a pen test to provide a higher level of assurance that the organization’s cyber assets are secure. Certification is valid for 12 months.
The standard Cyber Essentials certification must already be held in order to apply for Cyber Essentials Plus certification.
- Provides cost-effective, basic cyber security for organizations of all sizes
- Demonstrates that an organization meets one of the eligibility requirements when bidding for UK Government contracts
- Can reduce the risk of prevalent cyber-attacks on an organization
- Differentiate yourself from your competitors by demonstrating that you take cyber security seriously
The Defence Cyber Protection Partnership (DCPP) advocates Cyber Essentials as the first of four levels of Cyber risk. To cover all four levels, read about our Cyber Defence Capability Assessment Tool (CDCAT) which covers the Cyber risk level to 'high'.