Cyber Essentials Accreditation: The Hows and Whys of Getting Certified

Cyber Essentials Accreditation: The Hows and Whys of Getting Certified

The UK generates the third-largest e-commerce sales revenue in the world. Unfortunately, the country is also one of the most vulnerable to cyber-attacks.

In 2019, over half (55%) of businesses in the UK fell victim to at least one cyber attack. That’s 15% higher than the previous year.

It’s for this very reason that the government UK decided to spearhead a series of policies to protect businesses and their consumers.

Enter Cyber Essentials

The Cyber Essentials accreditation is a certification program initiated by the UK government back in 2014.

Its purpose is to increase the cybersecurity level of businesses in the country by adopting best practices to make sure the information they gather and send online is safe and secure.

Why should you get accredited?

Right now, getting a Cyber Essentials accreditation isn’t mandatory. However, it’s going to be well worth your time, effort, and financial investment.

Here’s why:

1. Protect your business from cyber-attacks

If you think that cybercriminals are targeting only large enterprises like British Airways and Uber, think again!

Believe it or not, they’re favorite prey are small businesses, according to the statistics shared by Fundera.

The number of small business targeted by cyber attached increased by 424% in 2018

The reason is simple: Compared to large enterprises, small businesses don’t have the means or the knowledge on how to properly secure their online data.

By going through the Cyber Essentials accreditation, you’ll learn how to check the health of your business’ IT network correctly.

You’ll also learn how to test it for areas of vulnerability, and how to fix it.

More importantly, you’ll be able to develop a consistent evaluation system. That way, it’ll take out the guesswork to make sure that everyone involved in the process knows their assignment.

2. Your business becomes GDPR compliant.

The Cyber Essentials program was a precursor of the General Data Protection Regulation, or GDPR, that went into effect across Europe on May 2018.

The difference is that GDPR takes cybersecurity to a whole new level by ensuring that personal data is collected legally and only used for the purpose previously disclosed.

3. More customers will be willing to do business with you.

According to a study done by PricewaterhouseCoopers, trust is one of the 2 most influential factors that causes someone to buy from a specific company.

After all, you may have the best product or service. Your rates may even be the most competitive.

But if you can’t win the trust of your visitors and leads, your business won’t make any sales.

A study done by Taylor Nelson Sofres shows businesses lose an outstanding $1.9billion annually, all because of customer distrust.

70% of customers will abandon the purchase process if they do not trust the business

That’s why adding trust signals is essential to have on your website.

When your customers see these trust signals on your site, it makes them feel more comfortable doing business with you.

Having a Cyber Essentials badge on your website does just that, especially if your business is based in the UK or your customers are from the EU.

It’s your way of telling them that you’re taking your system’s level of security very seriously.

You can also update your site to HTTPS (if it isn’t, yet) so the padlock icon is displayed in the address bar.

https lock icon in browser

When you buy and install the SSL certificate, your site becomes more secure-looking, making it easier for your audience to trust you.

4. It saves you money.

Admittedly, getting Cyber Essentials doesn’t come cheap. But if you compare this to the amount you could potentially lose, the price becomes insignificant.

Back in October 2016, Uber made headlines after admitting that the data of 57 million users and drivers were hacked and compromised.

The unicorn startup also admitted that it paid the two hackers $100,000 to delete the information they captured, and to keep their mouths shut.

While the settlement may only be spare change for Uber, that’s a lot of money for the average small business owner.

As if that’s not bad enough, businesses now even risk being fined by the Information Commissioner’s Office (ICO) for violating GDPR policies and regulations.

The violation of the GDPR guidelines are required to pay a fine of up to 20 million Euros or 4$ fo thier annual revenue worldwide

UK’s flag carrier, British Airways, for example, was recently fined £183million after the personal information of 500,000 customers were stolen because of vulnerabilities in both their website and mobile app.

And of course, once word gets out that your customers’ data was compromised, you’re chances of converting visitors to customers become slimmer.

Steps to getting your Cyber Essential accreditation

Step #1: Conduct a security audit

The Cyber Essential accreditation process begins with an inspection of the security of your network and online assets like your website, remote servers, and cloud storage.

The goal here is to check the quality and strength of the security measures you already have in place. At the same time, this will help you pinpoint potential areas in these assets that are at-risk.

Step #2: Run a vulnerability test.

Here, your ant-virus and malware software programs will be checked to find out how quickly they can detect malicious code packets.

Once you’ve collected all the data, it’s time to get to work and fix all the problem areas and add additional levels of security. You may need to run another vulnerability test to ensure everything’s in place and running properly.

Step #3: Apply for the certification

As soon as you believe that your network and all your online assets are already secured, you can now apply with an authorized Cyber Essentials certification facility to get your accreditation.

Step #4: Complete the Cyber Essentials questionnaire.

Next, you’ll have to answer a 52-point questionnaire.

Don’t worry! All the questions are multiple-choice. And the questions asked here makes this feel more like going through a very long checklist than taking an exam.

Step #5: Receive your Cyber Essentials accreditation.

If you’ve done the first two steps correctly, you shouldn’t have any problems passing the accreditation exam.

Once a representative evaluates and checks your questionnaire and your system, you’ll be given a certificate and a badge to add to your website.

Congratulations! You are now Cyber Essentials certified.


Cybercrime is a serious issue and concern today. As a business owner, it’s your responsibility to make sure that your customers, employees, and yourself are safe and secure from online threats.

Getting a Cyber Essentials accreditation is only the beginning. Make it a habit to periodically check that your data is safe and protected. The life of your business depends on it.

MyMG Team

We are a small group of professionals specializing in the field of project management. We wish you succeed in your career, business, studies, or whatever else you think is worth your time and effort. Pleased to know that our advice is helpful for you.