New research by Lookout has revealed that there is a lack of awareness towards the NCSC Cyber Essentials framework. The endpoint-to-cloud security provider found only 28% of organisations had fully implemented Cyber Essentials, with over a third (40%) of security professionals claiming they were unfamiliar with the scheme. Of those that had not implemented the scheme, over half (58%) said a lack of awareness or understanding as the reason why their organisation had not done so.
Having evaluated the opinions of 246 security professionals towards the NCSC Cyber Essentials framework at Infosecurity Europe 2023 (20 – 22 June), it is clear more works needs to be done to raise awareness for the UK government backed programme that aims to help UK organisations improve their cyber resiliency against the most common cyberattacks. There are two levels of certification provided by Cyber Essentials, a basic level and ‘plus’, which organisations can achieve when showing commitment to cyber security. Achieving the basic Cyber Essential certificate indicates the organisation knows how to prevent the vast majority of common cyberattacks. With Cyber Essentials Plus, there is an added hands-on technical verification and vulnerability scanning that is conducted on the systems used by the organisation.
Of those that answered they were Cyber Essential certified, 58% stated they had the standard level while 42% had completed Cyber Essential Plus. The top three benefits experienced from being certified were: an improvement in cybersecurity measures (60%), an increase in customer trust and confidence (54%), and compliance with regulatory requirements (48%).
“The findings from the study are concerning and showcase the work needed to be done to not only build awareness around the NCSC Cyber Essentials framework, but also to get more organisations accredited,” said Bastien Bobe, Field CTO EMEA at Lookout.
“In the modern, remote-working world, with mobile and cloud-based threats on the rise, it is imperative to deploy cloud-native defences that can deliver zero-trust security to safeguard corporate data from any location, device, application or network. The objective for many businesses is to reduce their overall risk. However, to achieve this, they must have a proactive security strategy that enhances their own cybersecurity practices as well as ensures compliance with industry standards and accreditations – specifically frameworks like UK Cyber Essentials.”