LORCA Live
29 - 31 MARCH 2021

Emerging challenges

Partner content
Dell Technologies
Scott McKinnon


Security Architect
VMware

What early-stage organisations need to know about deploying Cyber Essentials to manage supply chain risk

Cyber Essentials is a UK government-backed scheme designed to assist organisations in deploying a minimum set of cybersecurity controls. Not only does adherence to the scheme help protect against a common set of cyber attacks, but it raises the metaphorical security bar and is also a public demonstration of a commitment to better cyber hygiene practices through a formal assurance scheme recognised across many different industrial sectors.

Cyber Essentials comes in two different forms: Cyber Essentials and Cyber Essentials Plus. Cyber Essentials itself is a self-assessed questionnaire, attested to by a senior member of management, that proves your organisation has considered a credible set of base-level cyber controls and best practices. It allows you to think about threats, adopt simple but effective protections and reduce the risk level for the organisation as a whole.  

The questionnaire covers items like:

  • organisational details and contacts
  • the scope of assurance coverage
  • best practices for internal/external boundary devices
  • best practices for servers, clients and mobile computing devices

Cyber Essentials Plus is based on the same set of security practices and controls as Cyber Essentials, but adds an external third-party validation of responses and includes some on-site testing. The testing covers areas like vulnerability scanning of end-user and internet-facing systems, and file-based email and download.

The scheme operates on a continuous basis; an organisation is accredited for 12 months at a time and will have to renew annually. This operational model drives visibility and accountability as part of a continuous improvement process: the statements made reflect current operations and management's understanding of the business risk.

The benefits of formal accreditation

There are many benefits of taking such an approach with formal accreditation. It enables you to understand the current position of your organisation with regard to cybersecurity controls and gives management visibility of the business risk associated with operations as they are today. Being able to independently demonstrate that cybersecurity as part of supply chain risk is an actively managed element of the organisation’s operations can help generate customer confidence. Many government customers – and increasingly other regulated industries – are demanding evidence of Cyber Essentials for procurement processes. And finally, existing customers can draw confidence from partnering with organisations that manage risk to an appropriate level.

Companies – including startups and SMEs – should consider adopting the Cyber Essentials scheme as part of a wider consideration of supply chain risk. Trust is crucial in business-to-business and business-to-consumer relationships, and being able to demonstrate that you’re actively managing your cyber risk will help early-stage companies acquire new customers. Cyber Essentials compliance should be part of what early-stage organisations implement to protect their own – as well as customer – information in what is a critical business development phase.

Cyber Essentials itself is relatively low-cost: the questionnaire is free and registration to the scheme, once complete, is £300 + VAT. Cyber Essentials Plus, which involves on-site testing, will be more expensive.
