In this blog, we cover why achieving a Cyber Essentials certification is important for SMEs.

cyber essentials for SMEs


Cyber-attacks are among the biggest threats facing businesses today. While the threat of cyber-attacks is nothing new, they are becoming more frequent and more sophisticated. You might have heard about some of the high profile attacks on companies like Sony Pictures or Tesco Bank, but it’s important to understand that these large organisations have teams dedicated to cyber security who can invest significant resources into protecting their systems. For SMEs however, this type of investment is not always possible or practical – which is where cyber essentials come in!

Cyber-attacks are becoming more frequent

You may have noticed that cyber-attacks are becoming more frequent, both in terms of the number of attacks and the amount of damage they cause. The falling cost of cyber-crime is also a factor: criminals can now launch damaging web intrusions for less than £1000. As a result, businesses need to be vigilant about protecting their digital assets and complying with data protection laws such as GDPR.

Cyber-attacks can harm your reputation

Without a doubt, cyber-attacks can harm your reputation. If you’re unprepared or don’t have the right systems in place to prevent them, they can damage your brand and customer service. They could even affect the relationships you have with suppliers and customers.

The importance of Cyber Essentials certification is clear: it shows that your organisation has an effective approach to protecting customer data and information security.

Cyber-attacks often result in financial loss

Cyber-attacks on small and medium sized businesses can result in a range of financial loss, including:

  • Loss of confidential information
  • Loss of intellectual property
  • Customer data stolen/lost (e.g., names, addresses and credit card details)
  • Business reputation damaged due to the impact of cybercrime on customers’ trust.
  • Financial assets lost as a consequence of criminal activity or fraud committed using stolen credentials.

Cyber-attacks are not just a security issue

Cyber-attacks are not just a security issue. They can lead to financial loss and harm your reputation, as well as the reputations of your customers. Cyber-attacks are becoming increasingly frequent:

  • In the UK, cyber-crime costs business £27 billion per year.
  • The average cost of a data breach is $3.62 million in North America and $3.45 million in Europe (according to Ponemon Institute’s “2017 Cost of Data Breach Study”)

If you’re an SME, having cyber essentials is vital

Cyber Essentials is a voluntary, self-certification scheme to help small and medium sized businesses protect themselves from cyber threats. It’s based on the five essential controls and recommended by industry bodies such as BCS, ISACA and CIPFA.

The Cyber Essentials scheme is endorsed by the National Cyber Security Centre (NCSC). The NCSC has introduced this framework for SMEs because it’s aware that smaller organisations are less likely to have in-house expertise or resources available for maintaining good cyber security practices.


If you’re an SME, cyber essentials are vital to protect both your brand and your bottom line. By implementing the best strategies for lessening the impact of cyber-attacks, you can ensure that your business is as safe as possible from these threats. And when it comes down to it, there’s no reason why SMEs shouldn’t be just as prepared as larger companies – after all, they face similar risks and need just as much protection!

 Are you an SME looking to achieve a Cyber Essentials certification?

Why not arrange a free consultation with our team today where we can discuss in depth the Cyber Essentials process. As well as which certification would be needed to support your business. Use the booking system below to select a time that is convenient for you.