Cookies policy

The SRM website uses cookies to store information on your computer. By continuing to browse this website you are agreeing to our use of cookies. Learn more

The cookies stored on your computer when using the SRM website are used to anonymously record your usage of the website using Google Analytics.

Please read our privacy policy for further information.

Cookies accepted

Thank you - you've accepted our cookies policy.

Cyber Essentials

Cyber Essentials (CE) is a government-backed, industry supported scheme to help organisations protect themselves against common cyber attacks.

Not only does CE certification promote the proactive safeguarding of business assets and customer information, it also demonstrates to all potential business partners and customers that that cyber security is taken seriously.

In some cases, CE certification is mandatory: since 1st October 2014 it has been required for any business currently holding or seeking to obtain HM Government contracts.

The process to CE certification involves several steps. Firstly, a company needs to complete a basic checklist that contains best practice security controls. This is then endorsed by a senior management representative before being reviewed by an independent Certification Body. Once passed, the application is assessed by one of four Cyber Essentials accreditation bodies appointed by the UK Government to determine that it meets all necessary criteria, and if it does, the business will be certified under the Government’s Cyber Essentials Scheme.

Certification is valid for one year and therefore needs to be renewed annually. The Basic Cyber Essentials certificate is a pre-requisite to Cyber Essentials Plus.

Why opt for Cyber Essentials certification?

It has been estimated that 70-80% of all cyber breaches could have been avoided if companies had implemented very basic information security controls.

For example, even at ‘administrator’ and ‘super user’ levels, the passwords used to access systems are often extremely week and easily guessed. In some instances vendor supplier defaults are still present on devices installed in a live environment. But for cyber attackers, determining the default access criteria is relatively easy and can be found on the internet with a simple google search.

Financial losses from theft of information is invariably more than expected. The average cost of the worst security breaches is estimated at between £65,000 and £115,000. Yet the potential impact of such a breach on the reputation of a business is likely to cost even more.

What to do next

CE certification consists of undertaking an assessment against five basic areas of information security controls. These areas have been deemed to be those that, if appropriately implemented, will provide an acceptable level of protection from non-professional hackers with utilities readily available online.

The five controls are:

  • Boundary firewalls and internet gateways

    Boundary firewalls and internet gateways

  • Secure configuration

    Secure configuration

  • Access control

    Access control

  • Malware protection

    Malware protection

  • Patch management

    Patch management

SRM is a certified body to assess and assist in the Cyber Essentials certification procedure. When working with a business on Cyber Essentials certification we work in full collaboration with our clients, providing resource and support as required.

Contact us

  • This field is for validation purposes and should be left unchanged.

Thanks, we've received your details.

We'll be in touch shortly to discuss your requirements. In the meantime, please download your exclusive free copy of SRM's Guide to Cyber Essentials below.

Download your free copy