WIREDGOV

Overhaul of the technical control requirements reflect the changes in the way organisations are now working.

• Update represents biggest change to the Cyber Essentials scheme since it was launched in 2014
• Scheme revised in response to evolving cyber security challenges and increased threat of ransomware that UK businesses now face
• Speed of digital transformation, increased adoption of cloud services and home working key factors in updating the scheme

ORGANISATIONS in the UK are today (Monday) set to benefit from a refreshed government-backed scheme which supports them to protect against the majority of cyber attacks, including ransomware.

Cyber Essentials, which is developed by the National Cyber Security Centre – a part of GCHQ – and delivered by IASME, is a certification scheme that supports organisations of all sizes to guard against online threats and demonstrate a commitment to cyber security to customers and stakeholders.

It has been updated following a major technical review which will help organisations maintain their minimum cyber hygiene in an evolving threat landscape. Amongst the main changes are revisions to the use of cloud services, home working, multi-factor authentication, password management, and security updates.

Through the Cyber Essentials scheme, businesses can learn how to defend themselves by securing internet connections and devices, controlling access to data, and understanding how to protect against ransomware.

The benefits of achieving certification include being able to reassure customers that the data held by an organisation is resilient to an attack, the ability to attract new business with the promise that cyber security measures are in place, and having a clear picture of your cyber security level.

Chris Ensor, NCSC Deputy Director for Cyber Skills and Growth, said:

“The landscape in which organisations are operating in cyber space is constantly changing, and this major refresh of the technical controls reflects the cyber security challenges of today.

“We've strengthened the Cyber Essentials scheme so that it continues to meet evolving threats and the increased risk of ransomware, and I would encourage UK businesses of any size to take part in order to protect themselves from the most common attacks.”

Many of these changes have been developed by the NCSC based on the feedback of assessors and previous applicants to the scheme, as well as consultation with the Cloud Industry Forum. 

From today, the refreshed Cyber Essentials scheme will also incorporate a renewed pricing structure which better reflects the increasingly complex nature of assessments for some organisations. 

Achieving Cyber Essentials certification allows businesses to 

• reassure customers that they have put measures in place to secure their IT against cyber attacks; 
• attract new business with the promise they have independently verified cyber security measures in place; 
• have a clear picture of their cyber security level, and; 
• apply for some government contracts which require Cyber Essentials certification. 

More information for businesses on how to achieve Cyber Essentials certification can be found on the IASME website. 

The NCSC's Head of Commercial Assurance Services, Anne W, has written a blog post outlining the latest changes to Cyber Essentials.