Cyber Essentials â the new Government scheme every CEO should consider | DMA

Filter By

Show All

Connect to


Cyber Essentials â the new Government scheme every CEO should consider

Cyber space has revolutionised how many of us live and work. Now more than ever before companies need to protect key information assets or risk having their reputations damaged and customer trust eroded. Over the summer the Government –or more specifically the Information Security Arm of GCHQ, launched a new scheme – Cyber Essentials to provide all sizes of business with clarity on good basic cyber security practice. It’s as the name on the tin suggests – basic essentials – appropriate for your business.

There are 2 levels to the scheme – Cyber Essentials which only requires an organisation to complete a self-assessment questionnaire with responses independently reviewed by an external certifying body and Cyber Essentials Plus where tests of the systems are carried out by an external certifying body, using a range of tools and techniques.

Organisations that have been successfully independently assessed or tested through the scheme’s assurance framework will attain a Cyber Essentials certification badge.

In brief the scheme defines a set of controls which, when properly implemented, will provide organisations with basic protection from the most prevalent forms of threats coming from the Internet. In particular, it focuses on threats which require low levels of attacker skill, and which are widely available online.

Risk management is the fundamental starting point for organisations to take action to protect their information. For those companies who already have the DMA’s DataSeal or ISO27001 most of the requirements are already covered. In brief the scheme focuses on Internet-originated attacks against an organisation’s IT system.

Cyber Essentials concentrates on five key controls. These are:

1. Boundary firewalls and internet gateways - these are devices designed to prevent unauthorised access to or from private networks, but good setup of these devices either in hardware or software form is important for them to be fully effective.

2. Secure configuration – ensuring that systems are configured in the most secure way for the needs of the organisation

3. Access control – Ensuring only those who should have access to systems to have access and at the appropriate level.

4. Malware protection – ensuring that virus and malware protection is installed and is it up to date

5. Patch management – ensuring the latest supported version of applications is used and all the necessary patches supplied by the vendor been applied.

The self assessment questionnaire is available on the link below. file:///C:/Users/christine.andrews/Downloads/cyber-essentials-common-questionnaire.pdf

Costs for the Cyber Essentials assessment are around £300

The benefits of managing risk in this way should be a no brainer for most boards however big or small.

Christine Andrews is a member of the DMA Data Council and Chairs the Data Governance Hub

Hear more from the DMA

Please login to comment.


Related Articles

Just like the beautiful game of football, in marketing teamwork and strategy (as well as skill) are what helps you achieve victory.


RedEye's Technical Operations Manager, Justin Oakley, gives us an insight into the Web3 evolution by explaining what is blockchain, how are smart contracts used for transactions, your digital wallet and examples of the new digital craze of NFT’s.


Pop-up shops, sustainable marketing, loyalty programmes and hyper-personalisation are just a few of the changes impacting consumer spending and buying behaviour. Find out what retail trends to keep in mind!

CD_SG - Social Template - Retail Webinar OD.png

Economic pressures have plagued households for several years, with brands facing the challenge of engaging consumers who are more budget-conscious than ever before. As a result, brand loyalty has sharply declined, with 61% of consumers being less likely to stick with brands in 2023 compared to 41% in 2022.

Cost of Living Exit Strategy Report 20244