NCSC logo

The future of Cyber Essentials

A look at our roadmap for the scheme

It’s been almost 4 years since the Cyber Essentials scheme was launched, with the goal of helping organisations take the first steps in protecting themselves against common cyber-attacks. If you want to know more about the background, Chris Ensor has blogged about the history of the scheme.

Over this time, more than 9000 certificates have been issued. These numbers are good and they continue to grow, but we want the whole of the UK to be much safer online, so there’s plenty of room for improvement.

Along the way, we’ve learned a lot about how organisations get on with the scheme, what’s good about it and what’s not so good. Also during this period, we’ve seen the arrival of the National Cyber Security Centre (NCSC) with its mission to help make the UK the safest place to live and do business online.

So now feels like the right time to start thinking about the future direction of the scheme and to begin addressing some of the feedback we’ve received over the intervening years.

A new website

Before the NCSC came along, various parts of government were responsible for different aspects of the UK’s cyber security. This was true of Cyber Essentials, too. The result was information being spread across various websites, making the subject difficult to navigate.

Also, feedback told us that some of the language used was confusing and too detailed in places for those who were at the very start of their journey to Cyber Essentials certification. Equally, those organisations that were more mature when it came to cyber security, didn’t want to plough their way through lots of superfluous information.

We’ve responded by creating a single site for Cyber Essentials, pulling together information from various government websites. We’ve tried to simplify some of the messages for those who are just beginning to think about Cyber Essentials and have provided a fast-track for those that know what to do and want to be certified. We’ve also separated out information for those organisations who want to help the NCSC in the operation of the scheme (our affiliate centre).

Getting rid of the jargon

A common piece of feedback we’ve had from organisations that have applied for certification and failed first time around, is that it felt a bit like failing an exam that had no syllabus and no one had explained in advance what you were going to be tested on! In response to this, we’ve added an advice section that we hope simplifies what the scheme’s essential controls are and how you might go about implementing them. We’ve also included a handy checklist to help you measure your progress.

How do I know who has a certificate?

Organisations don’t just need to worry about their own cyber security, they should also think about those companies that supply to them. One way of knowing whether your supply chain is secure is by checking if those companies supplying to you are Cyber Essentials certified. You will now be able to look this up on our database.

Tell us what you think

The new site is still in its infancy. There are feedback buttons on every page and we really do want to hear from you. If we don’t know what isn’t working, we can’t fix it – so please take the time to let us know what you think and if you have suggestions about what could make the site better, more accessible or help you to implement Cyber Essentials, please get in touch.

And what’s next ?

Sorting out the website and improving our communications is only the start of changes we’re planning on making. Other areas we’re looking to address include working with our affiliates to make the actual process of certification easier to navigate, ensuring that the technical controls keep pace with the changing nature of the cyber security threat, and aligning the Cyber Essentials scheme with other NCSC offerings.

The NCSC is committed to nurturing the Cyber Essentials scheme towards fulfilling its role in helping to make the UK one of the safest places to live and do business on-line. But we do need your help to get there. So I’ll make no apologies for finishing by saying again – please help us to help you implement Cyber Essentials by giving us your feedback.

Anne W, Head of Assurance Services