The consequences of a data breach or other cyber security compromise always become noisily public – well within earshot of your customers, partners and suppliers, not to mention the regulatory authorities.
So how do you convince these critical stakeholders that you have taken appropriate steps to keep your organisation (and, therefore, their dealings with it) secure? How do you not only attain, but also convey, cyber trustworthiness?
The Cyber Essentials and Cyber Essentials Plus certification schemes put a workable, credible tick in both boxes.
Cyber Essentials and Essentials Plus certifications are extremely valuable – and, like all things, if they’re worth having they’ll have a cost in terms of time, effort and money (let’s not pretend they won’t).
The question you have to ask yourself is: what are the consequences for your organisation if you remain uncertified?
This is only partly about the operational and financial damage that your organisation can suffer if hit by a cyber attack. It’s also about the penalties that can be imposed upon you if you cannot demonstrate you have made reasonable efforts to defend against such an attack – and these can prove very expensive indeed!
Plus, the arrival of the EU General Data Protection Regulation (GDPR) is only likely to push these fines skyward, as the regulatory authorities start to prosecute not only on the basis of the actual proven abuse of personal data, but on the basis of the security failings that unintentionally facilitate it.