Cybersecurity issues are becoming a day-to-day struggle for businesses. Recent trends and cybersecurity statistics reveal a huge increase in hacked and breached data from sources that are increasingly common in the workplace, like mobile and IoT devices. 

Despite this, most SMEs are at risk of being breached either through a lack of awareness or a lack of action. This is a concern for SMEs since the fines and costs associated with cyber-attacks can put them out of business. 

A KPMG survey suggests that only 23% of small businesses prioritise cybersecurity as a top concern. This is being said even though 60% of small businesses have experienced a cyber breach that led to brand damage and loss of clients. 

The UK Government is helping businesses by providing a range of standards and guidelines. The most useful of these for an SME would be Cyber Essentials.  

What is Cyber Essentials? 

Cyber Essentials is a scheme backed by the UK government that was launched in 2014. The standard provides simple but effective guidelines that protect organisations against cyber attacks. 

The primary aim of this scheme is to encourage and guide organisations to adopt the best practices in their information security strategy. Once fully implemented, Cyber Essentials will provide organisations with basic protection against the most prevalent cyber threats. 

It’s a great step in the right direction for SMEs to protect themselves. 

Here are 3 reasons why Cyber Essentials is important for SMEs. 

  1. It helps protect against common cyber attacks

A majority of cyber attacks exploit basic weaknesses in organisations such as the lack of updated software or well-configured firewalls. Often, these types of attacks are simple to defend against with straightforward strategies and Cyber Essentials provides those. 

While there is no security strategy that will stop a hundred per cent of the attacks, Cyber Essentials helps organisations mitigate the risks of the most likely ones by providing a strong base for SMEs to work with. 

  1. It prepares you for being GDPR compliant

The General Data Protection Regulation (GDPR) came into force earlier this year across the EU. As part of this regulation, organisations that are processing the personal information of EU citizens need to protect this data against data theft and unauthorised access. If an organisation is found to be negligent to the GDPR in the event of a breach, the business could face fines of up to 4% of its global turnover. 

Following the Cyber Essentials scheme can assist businesses in preventing these heavy fines and prepare them for compliance with GDPR. Even though the GDPR requires a lot more than the five controls in the Cyber Essentials scheme, the latter allows you to audit your internal security and fend off the basic security threats. It is the first step towards the preparation of GDPR compliance for SMEs. 

3. It shows customers and suppliers that you take cybersecurity seriously 

Customers and even suppliers can often be sceptical in dealing with you if you display little or no concern for cybersecurity. Becoming Cyber Essentials certified can help you establish the trust of clients and partners. 

Once you are certified, you will be able to display a Cyber Essentials badge on your business website. This badge proves to customers, suppliers, and investors that you take the security of systems and the integrity of data seriously. This is particularly important if you are storing, processing, or transferring personal information or hosting sensitive data. 


SMEs are as likely, if not more, as large organisations to be at risk of a cyber-attack. An important step that SMEs can take to improve their cybersecurity is to get Cyber Essentials certified. This has a number of benefits including protection against prevalent cyberattacks and a competitive advantage for bidding on government contracts. 

Contact us if you would like to know about how we can help you obtain your cyber essentials certification.