Almost every business in the UK is reliant on digital technology of some sort. And where there’s technology, there’s always risk. In the Essential Solution feature last week, you saw that in the 12 months from September 2021, fraud and cybercrime cost the country £4 billion. That’s not small potatoes by any means. While many SMEs believe that they are unlikely to be targeted by bad actors, that notion is foolish, a misunderstanding of the nature of modern cybercrime. Hackers love SMEs, as they are often under-resourced, have poor cybersecurity and are easy to exploit. And this is where the NCSC Cyber Essentials scheme saves the day. As stated on the NCSC website:

“Cyber Essentials helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security.”

Who could ask for anything more?


There is much more. Both schemes – Cyber Essentials and Cyber Essentials Plus – offer key controls that include monitoring access control, malware protection, secure configuration/network management, firewalls, updating software and patching. But the benefits of being Cyber Essentials compliant also include:

  • paying less for your cyber insurance
  • being GDPR compliant
  • being eligible for government tenders and contracts
  • becoming a beacon of trust for your customers, suppliers and partners
  • differentiating your business


The Federation of Small Businesses recently found that only 10% of SMEs in the UK have cyber insurance. This contrasts starkly with the statistics reported by Global Data in June, claiming that 21% of UK micro-businesses had cyber insurance, compared to 40.1% of small businesses and 54.3% of medium businesses. Lindsey Nelson, cyber development leader at CFC Underwriting, has said:

“Our belief is that less than 15% of UK SME businesses purchase a standalone cyber product today.”

So while cyber insurance is within budget for corporations, for most SMEs it is financially out of reach. A paramount benefit of having Cyber Essentials certification is that your insurance premiums will be discounted. But here’s the best part. Once certified, your business is automatically entitled to an indemnity of £25,000 per data breach. There are two provisos, however. Your annual revenue must be under £20 million and you need IASME certification. This is the perfect solution for SMEs that don’t have any cover. You will also have access to a 24-hour hotline to report a cyber incident, including crisis management and incident response.


The GDPR, under the umbrella of the ICO, is not something to be messed with. In 2020, the UK’s data protection authority fined British Airways a massive £20 million, considerably less than the intended £183 million. While you might not be in the same league as the nation’s national carrier, in the event of your SME experiencing a data breach, you could be fined a maximum of £17.5 million or 4% of your turnover, whichever is greater. However, with Cyber Essentials certification, the ICO can easily determine the security procedures that you have in place and establish that you had taken all the necessary precautions. You may not be fined at all or the financial impact will be minimal.


Since October 2014, Cyber Essentials has been a requirement for most UK public sector contracts. Put simply, if you want to tender for government contracts, you need the certification. Being able to bid on a UK Government contract is a massive opportunity for growth, especially for SMEs. Winning the contract not only promises a significant increase in turnover but also enhances your business reputation. Moreover, Cyber Essentials also means that you meet the level of cybersecurity required to work with the prestigious Ministry of Defence (MoD). In 2020/2021, the MoD placed 838 contracts with SMEs with a collective value of £1.2 billion, an increase of £200 million on the previous year.


Having Cyber Essentials certification will undoubtedly improve your credibility and reputation. It shows your customers and suppliers that you are committed to protecting their data and that you are being proactive against cybercrime. You’re showing all your partners that you care about the data that is being processed, managed and stored on your IT systems. Being recognised as a secure business to work with will also give you a competitive advantage in your industry. Two additional bonuses are:

  • you can proudly publish the Cyber Essentials badge on your website and marketing materials
  • your SME will be listed on the NCSC database as being certified


Much like gaining respect in your industry and building on your reputation, having Cyber Essentials certification will differentiate your SME from the competition. You’ll have a recognised attestation of security that you can showcase to your current and prospective customers. The certification means you take cybersecurity and data protection seriously – you know and so do the people you do business with.


With 20+ years of experience in business IT management and support, cybersecurity and risk mitigation underpin almost everything that I do professionally. I know that businesses that don’t take their cybersecurity seriously go under, often blaming a lack of resources or technical skills. Those are simply excuses. Cyber Essentials is designed to give you baseline security and protection, adding value to your business and your reputation. Call me today and let’s get you certified.


On Wednesday, 26 October, the Head of Zhero’s R&D division, Professor Muttukrishnan Rajarajan (Raj) and Jamie Chamberlain will host an informal Q&A on Cyber Essentials and why the scheme is essential for your business. The event starts at 10 am and will run for about 30 minutes. Don’t delay – book your place today.
