Locking the digital door should be as routine as locking the front one, say supporters of a UK Government advertising campaign urging businesses to guard against online threats.
At the Department for Science, Innovation and Technology (DSIT), Cyber Security Minister Baroness Lloyd said no business is out of reach from cyber criminals. She said: “SMEs play a vital role in our economy, and business owners work incredibly hard to build something valuable, but too many still assume cyber criminals only go after big brands. The reality is criminals look for easy opportunities, and without basic protections in place, any business of any size can become a target.
“I know smaller firms don’t have large IT teams, and that is exactly why Cyber Essentials matters. It provides a straightforward checklist to lock the door on cyber criminals, without needing specialist expertise. Cyber risk is business risk, just like fire or theft, and the protections are just as essential.” She urged businesses to adopt the official Cyber Essentials certification scheme.
Comments
Jamie Akhtar, CEO of CyberSmart, said: “The government’s new campaign is right to focus on the UK’s backbone – small and medium enterprises. SMEs underpin employment, supply chains and economic growth. When they are disrupted, the consequences can extend beyond a single organisation. Around half of small businesses report a breach or attack each year. Yet just over one in ten are aware of Cyber Essentials. That gap is the issue.
“Cyber Essentials should be applauded for its accessibility and impact. It is a clear, proportionate baseline of controls that reduces exposure to common threats, designed to be achievable for organisations of any size.
“The statistics speak for themselves. Organisations with Cyber Essentials are 92 per cent less likely to make a cyber insurance claim than those without it. Given the potential costs and disruption caused by an incident, that is a measurable shift in outcomes that can make the difference between continuity and collapse.
“It also strengthens decision-making; 85 per cent of certified organisations report a better understanding of cyber risk. Better understanding leads to earlier action – at the last responsible moment, when prevention is still practical and disruption is still avoidable. The UK is a world leader in setting standards. It now needs adoption at national scale. The framework is proven, and thousands of managed service providers already help SMEs implement and maintain Cyber Essentials-aligned controls as part of everyday, high-quality IT support.
“As the NCSC’s latest Annual Review makes clear, incidents are rising in both frequency and impact. The time to act is now – not after a customer demands it or a breach forces change. Wider adoption is therefore about more than compliance. It strengthens business continuity, supply chain resilience and trust in a digital-first world. Cyber confidence gives leaders peace of mind – knowing the basics are in place, risks are controlled, and they do not have to worry about preventable disruption.”
Background
DSIT and the UK official National Cyber Security Centre (NCSC) developed Cyber Essentials, covering firewalls; secure configuration; software updates; user access control; and malware protection.
