Skip to content
  • Home
  • Lorca Live Event
    • Register
    • Agenda
    • Speaker spotlight
    • Live broadcast
  • Workshops
  • Innovators in Residence
  • 2020 Highlights
  • About LORCA
    • LORCA for Enterprise
LORCA Live
29TH - 31ST MARCH 2021
#lorcalive21
  • REGISTER
  • /
  • SIGN IN
  • Home
  • Lorca Live Event
    • Register
    • Agenda
    • Speaker spotlight
    • Live broadcast
  • Workshops
  • Innovators in Residence
  • 2020 Highlights
  • About LORCA
    • LORCA for Enterprise

Emerging challenges

Back
Partner content
Dell Technologies
Scott McKinnon

Scott McKinnon

Security Architect
VMware
SHARE ON TWITTER
SHARE ON LINKEDIN

What early-stage organisations need to know about deploying Cyber Essentials to manage supply chain risk

Cyber Essentials is a UK government-backed scheme designed to assist organisations in deploying a minimum set of cybersecurity controls. Not only does adherence to the scheme help protect against a common set of cyber attacks, but it raises the metaphorical security bar and is also a public demonstration of a commitment to better cyber hygiene practices through a formal assurance scheme recognised across many different industrial sectors.

Cyber Essentials comes in two different forms: Cyber Essentials and Cyber Essentials Plus. Cyber Essentials itself is a self-assessed questionnaire, attested to by a senior member of management, that proves your organisation has considered a credible set of base-level cyber controls and best practices. It allows you to think about threats, adopt simple but effective protections and reduce the risk level for the organisation as a whole.  

The questionnaire covers items like:

  • organisational details and contacts
  • the scope of assurance coverage
  • best practices for internal/external boundary devices
  • best practice for servers, clients and mobile computing devices

Cyber Essentials Plus is based on the same set of security practices and controls as Cyber Essentials, but adds an external third-party validation of responses and includes some on-site testing. The testing covers areas like end user and internet-facing systems vulnerability scanning, file-based email and download.  

The scheme operates on a continuous basis; an organisation is accredited for 12 months at a time and will have to renew annually. This operational model drives visibility and accountability as part of a continuous improvement process: statements made, reflect current operations and management understanding of the business risk.

The benefits of formal accreditation

There are many benefits of taking such an approach with formal accreditation. It enables you to understand the current position of your organisation with regards to cybersecurity controls and gives management visibility of the business risk associated with operations as they are today. Being able to independently demonstrate that cybersecurity as part of supply chain risk is an actively managed element of the organisation’s operations can help generate customer confidence. Many government customers – and increasingly other regulated industries – are demanding evidence of Cyber Essentials for procurement processes. And finally, existing customers can draw confidence from partnering with organisations that manage risk to an appropriate level.

Companies – including startups and SMES – should consider adopting the Cyber Essentials scheme as part of a wider consideration of supply chain risk. Trust is crucial in business-to-business and business-to-consumer relationships, and being able to demonstrate that you’re actively managing your cyber risk will help early-stage companies acquire new customers. Cyber Essentials compliance should be part of what early-stage organisations implement to protect their own – as well as customer – information in what is a critical business development phase.

Cyber Essentials itself is relatively low-cost: the questionnaire is free and registration to the scheme once complete is £300 + VAT. Cyber Essentials Plus, which involves on-site testing, will be more expensive.

RELATED CONTENT

Article / Education and skills

WATCH BACK: LIVE BROADCAST ON TALENT AND DIVERSITY

21.09.2020
Article / Growing UK cyber

WATCH BACK: LIVE BROADCAST ON SCALING CYBER STARTUPS AND THE INVESTMENT LANDSCAPE

17.09.2020
Article / The COVID-19 risk landscape

WATCH BACK: LIVE BROADCAST ON NATIONAL SECURITY, COVID-19 AND STARTUP INNOVATION

18.09.2020
Article / Emerging challenges

How can we secure identities in the era of the digital citizen?

09.09.2020
Article / Emerging challenges

How to think about cloud security governance

09.09.2020
Article / Emerging challenges

Data ethics and the user experience: in conversation with Sports Interactive

22.08.2020
Article / Emerging challenges

Privacy controls and the data economy

13.09.2020
Article / Emerging challenges

The future of digital identity

12.09.2020
Article / Emerging challenges

Building trust in uncertain times

12.09.2020
Article / The COVID-19 risk landscape

Watch back: live broadcast with IBM, the Oxford Internet Institute and former GCHQ director Robert Hannigan

15.09.2020
Article / The COVID-19 risk landscape

We ask Darktrace: is AI a threat or an opportunity?

13.09.2020
Article / Growing UK cyber

Cybersecurity Startups: Investment Opportunities & Risks

25.09.2020
  • Lorka Logo - White
  • BY
  • Plexal logo - white-out
  • Twitter Icon
  • @LORCAcyber

  • #LORCALIVE21

  • Terms & Conditions
  • Privacy Policy
  • Cookie Policy

© 2023 LORCA Live. All rights reserved.

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Cookie settingsACCEPT
Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.