Certification: What’s At Stake?

Cyber Essentials and Essentials Plus certifications are extremely valuable – and, like all things, if they’re worth having they’ll have a cost in terms of time, effort and money.

The question you have to ask yourself is: what are the consequences for your organisation if you remain uncertified?

This is only partly about the operational and financial damage that your organisation can suffer if hit by a cyber attack. It’s also about the penalties that can be imposed upon you if you cannot demonstrate that you have made reasonable efforts to defend against such an attack.

For example:

  • A small media company was fined £60,000 by the Information Commissioner’s Office (ICO) for failing to take basic steps to stop its website being attacked.
  • UK medical insurance company Bupa was fined £175,000 for failing to have effective security measures in place to protect customers’ personal information.
  • Multinational credit reference agency Equifax was fined £500,000 for failing to protect the personal information of up to 15 million UK citizens during a cyber attack.

Plus, regulatory authorities prosecute not only on the basis of the actual proven abuse of personal data, but on the basis of the security failings that unintentionally facilitate it.

Cyber Essentials/Essentials Plus:
