
Why do London based businesses need Cyber Essentials? A Q&A with Baseel

Our mission at the Cyber Resilience Centre for London is to support the City’s small business community to develop better cyber resilience, helping to protect our national economy. You might have heard about Cyber Essentials, but you may not be sure about what it means or how it can help you. 

We sat down with one of our Cyber Essentials Partners, Baseel, to find out everything you need to know about the Cyber Essentials Certification scheme – why your organisation needs it and how you can achieve it.

Can you give us a brief overview of the Cyber Essentials (CE) scheme?

Cyber Essentials is a scheme to help organisations protect themselves against cybercrime and includes a set of basic technical tools and processes that can guard against the most common cyber-attacks. 

Cyber Essentials provides a basic (minimum) level of protection in cyber security and there is an annual assessment to maintain the CE Certificate. 

It covers these major controls:

  1. Usage of Firewalls and Internet gateways (Boundary Firewalls) 
  2. Maintaining secure configuration of your computer equipment 
  3. Controlling user accounts and restricting use of administrative accounts (Access Control) 
  4. Protection against Malware 
  5. Keeping Software versions up to date (Patch management)

Why is it so important for SMEs to have Cyber Essentials?

CE helps organisations to mitigate the cyber risks with updated software and properly configured firewalls. 

It prepares organisations to be GDPR compliant, thereby saving the company heavy fines which would otherwise be levied if it failed to protect personal data against theft and unauthorised access.

It establishes the trust of vendors and partners and makes them aware that security of systems and integrity of data is taken very seriously. 

CE compliance also makes the organisation eligible to bid for government contracts (which is mandated by the UK Government).

How do SMEs get the Cyber Essentials Certificate?

The certification process involves 3 steps:

  1. Creating an account on the IASME Portal by paying a fee for Cyber Essentials Certification 
  2. Completing the Cyber Essentials ‘Self-Assessment Questionnaire’ and uploading it for review by a Certified Assessor (Certification Body) 
  3. Once the self-assessment questionnaire submission is approved, IASME will share the certificate. 

How much does Cyber Essentials cost?

Certification cost varies as per the organisation size:

  • Micro Organisations (0-9 Employees): £320 + VAT
  • Small Organisations (10-49 Employees): £440 + VAT
  • Medium Organisations (50-249 Employees): £500 + VAT
  • Large Organisations (250+ Employees): £600 + VAT

Is there anything else you would recommend on top of Cyber Essentials?

After successful completion of CE, organisations can go for Cyber Essentials Plus certification, which is quite similar to CE but includes technical testing of the environment. 

Organisations can also opt for IASME Cyber Assurance, which focuses on additional areas such as Data Protection, Supplier Assurance and Risk Management.

 

Huge thanks to the team at Baseel for this handy Cyber Essentials explainer! 

If you’d like to get in touch with Baseel, you can contact them by email or by calling their contact number +44 (0) 20 7993 2558.

 

Read on for additional sector specific information for those of you in legal, education, or charity organisations. 

Cyber Essentials for Legal Organisations

  • Cyber security breaches are the biggest threat to law firms after COVID-19 (PWC) 
  • RLA alerts for fraudulent activity are up 147% from the same period last year (SRA and Lawyer Checker) 
  • 1 in 6 firms attacked said that its survival was threatened (Hiscox Cyber Readiness Report 2021) 
  • “For a firm there can be significant reputational, resource and longer-term financial impacts of being caught up in a cybercrime incident” (SRA Cyber Security Thematic Review) 
  • 100% of sample firms surveyed by the SRA said they and/or their clients had been targeted by cyber criminals over the previous three year period (SRA Thematic Review) 
  • ¾ of firms had been a target and 23 attacks had resulted in the theft of £4m client money (£400,000 of which had to be repaid by firms). One firm lost £150,000 of billable hours! 

Cyber Essentials for Education Organisations

58% of secondary schools and 36% of primary schools have reported a breach or an attack in the last 12 months. 

A third of schools that suffered a breach lost control of their systems, data or money. Even if there was no material loss following an attack, the majority of schools had to allocate staff resources to deal with the breach. 

Ransomware has become one of the biggest threats to schools in the last year, occurring with increased frequency and causing widespread disruption. 

Cyber-attacks bring the regular risks of malware and data theft, but schools are particularly vulnerable to the online safeguarding risks that threaten children: 

  • Exposure to sexually explicit, racist, violent and extremist content.
  • Inappropriate contact from people who may wish to abuse, exploit or bully.
  • Students themselves engaging in harmful online behaviour.

Cyber Essentials for Charities

Charities are sitting on a data treasure trove. Valuable information on beneficiaries, supporters and volunteers as well as invoice and payment details can be sold by cyber criminals and used to identify other targets. In the present digital, post-COVID age, trust and cyber security are interwoven. By achieving Cyber Essentials, a charity can demonstrate commitment to cyber security and protection of customer data. Charity Cyber Essentials Awareness Fortnight is about raising the profile of Cyber Essentials to charities and supporting them with guidance to help them through their journey to certification. 

Written by:
Tierney Kimmins-McLoughlin
17 April 2024