Campaign to lock the digital door

Introduction

The Government has just launched a campaign to encourage more businesses of every size to  lock the door on criminals by putting cyber security protections in place: https://www.gov.uk/government/news/businesses-urged-to-lock-the-door-on-cyber-criminals-as-new-government-campaign-launches

Statistic

Cyber threats cost UK businesses £14.7 million a year. Significant cyber incidents cost £195,000 on average. Over the past year, 82% of medium and large businesses have suffered a cyber incident, and half of small businesses have suffered a cyber breach or attack. It is not safe for small businesses to assume they dip below the radar: the reality is criminals look for easy opportunities, and without basic protections in place, any business of any size can become a target said the Cyber Security Minister Baroness Lloyd when urging small businesses to adopt Cyber Essentials now.

What are Cyber Essentials?

The National Cyber Security Centre (NCSC) has devised the Cyber Essentials certification programme to ensure that basic measures are in place to keep the digital door shut tight. There are five technical controls:

1. Secure configuration

Computers are securely set up to minimise ways that a cyber-criminal can gain access. Measures include setting up an Administrator account that has no or severely restricted access to the internet.

2. User access control

Access to data and services and the level of access is controlled. This includes setting adequate passwords and automatic screen locking, together with using multi factor authentication for third party software or apps. (To comply with data protection legislation, it is important to remember that personal data should be shared internally only on a need-to-know basis.)

3. Malware protection

Viruses or other malicious software are identified and immobilised before they have a chance to cause harm. One obvious and relatively straightforward measure is the installation of anti- malware software.

4. Security update management

Cyber criminals are prevented from using vulnerabilities they find in software as an access point to computer systems. Software patches are downloaded within two weeks of their release. Many large security breaches resulting in big fines have arisen from the failure to download these patches.

5. Firewalls

A security filter is created between the internet and the internal network, even if this is no more than making sure the computer’s internal firewall is turned on.

Free Cyber Liability Insurance

After successfully re-applying for Cyber Essentials certification last month, the statistics produced by the Government to support the practical benefits of the scheme are reassuring. Last year 92% fewer insurance claims were made by organisations with Cyber Essentials in place. This may explain why organisations with a turnover of under £20 million that achieve certification are offered free Cyber Liability Insurance.

Other benefits

Cyber Essentials certification shows the Information Commissioner, clients and suppliers that an organisation takes its data security obligations seriously. The NCSC website allows visitors to check whether an organisation has accreditation easily.

Where there is a security breach despite compliance, that is likely to be a significant mitigating factor when and if the Information Commissioner considers possible sanctions.

Questions to consider

1. Do you have Cyber Essentials certification?

2. Should you have it?

3. Have you checked that your suppliers and contractors have it?

Mariel Irvine

19 March 2026