Preparation for Cyber Resilience
The Department of Science and Information Technology (DSIT) has recently released a code of practice for organisations who wish to be Cyber Resilient. Cyber Essentials Plus, whilst very welcome, focuses on technical controls, and is not sufficient on its own.
Whilst DSIT cannot recommend particular commercial products, they have done mapping exercises for the code of practice against both IASME Cyber Assurance (ICA). They have found that both do fulfil their requirements for cyber resilience (both require relevant management and user controls, as well as technical controls).
ISO27001 is designed for larger organisations, and Regola would always recommend that an organisation with sufficient resources should aim for this "gold standard".
However, for smaller organisations seeking cyber resilience, ICA (particularly at Level 2) would be sufficient.
Regola's experienced staff provide consultancy for organisations wishing to be Cyber Resilient.
Other Products and Services from Regola Digital Consulting
Cyber Essentials Preparation
Some IT people find the Cyber Essentials guidance intuitive; many business people find the language and concepts more demanding. We are here to support businesses! Over 250000 certificates have now been awarded, but some businesses do fail. Prepare well, and that won't be you.
It is normal for a business to take the Cyber Essentials assessment and be told by the assessor that they have a small number of corrections to make, and they are given a small window of time. Few get it completely right first time. What a business would not want to do, however, is take Cyber Essentials and then comprehensively fail it.
To prepare businesses for assessment, we offer microbusinesses a service of 30 minutes' free discussion, with a follow-up and a clearly written set of "do's and don'ts". Extra time and consultancy beyond this is available, but will be charged at the normal consultancy rate. After the 30 minutes, we point businesses at the self-help facilities available on the IASME website.
We are a Certification Body (the only one in South Devon) and do plenty of assessing ourselves. If you sign up for assessment through us, rather than through IASME, you'll get our friendly and comprehensive service right through to certification, and on to Cyber Essentials Plus (within 90 days) if you so wish.
Cyber Assurance Level 1 Consultancy & Certification
Cyber Assurance is a comprehensive, flexible and affordable cyber security standard. This provides assurance that an organisation has put in place a range of important cyber security, privacy and data protection measures. It aligns directly with the UK Government’s 10 steps to Cyber Security with additional Data Privacy controls and offers smaller companies within a supply chain a ‘right sized’ approach to show their level of information security for a realistic cost.
Important cyber security measures are included such as assessing and managing risk, training people and setting practical policies and procedures. Key resilience strategies are covered and include backing up data, business continuity planning and incident response. Legal and regulatory requirements are also addressed such as your country’s implementation of GDPR (in the UK this is the Data Protection Act). Furthermore, the IASME Cyber Assurance standard was developed over several years during a government funded project. This was in order to create an affordable and achievable alternative to the international standard, ISO 27001. You must have Cyber Essentials first in order to achieve Cyber Assurance.
At Level 2, Cyber Assurance maps well to ISO27001 for Cyber Resilience. A separate page describes this product, and the path to ISO27001.
Cyber Essentials and Cyber Liability Insurance
This only applies to UK organisations.
Any organisation with less than £20 million turnover that achieves Cyber Essentials is entitled to cyber liability cover, for claims up to £25000. This is a thank you for making your systems safer, and less likely to be hacked... and therefore less likely to make an insurance claim. In short, it means you are "lower risk". This is backed up by statistics that show that those with Cyber Essentials are 93% less likely to make a claim.
For a microbusiness, £25000 cover may be adequate. If it is a small business that is part of a supply chain, the liability could turn out to be higher. Insurance premiums can easily be extended at modest cost, to provide greater cover.
Regola Digital Consulting
Office 1.19, Torbay Business Centre, Lymington Road, Torquay, Devon, TQ1 4BD, United Kingdom
Regola are an NCSC approved Cyber Essentials Certification Body. We offer a cost-effective service, based on many years' experience of offering expert advice to SMEs so they cover the basics of technical security. We specialise in UK Government's Cyber Essentials (CE) and have assessed over 150 clients. As an accredited Certification Body for both CE and CE+, and IASME Cyber Assurance, we offer customised guidance to help businesses achieve valued cyber security certifications to assure partners and clients. The Cyber Essentials scheme also provides free Cyber Liability insurance up to £25000 for smaller UK companies who achieve certification. It is especially beneficial for SMEs aiming to secure government contracts or reassure clients that their information is well-protected.