Charity law is changing. Click here to find out how the changes will affect your charity.

Cyber Essentials – 5 basic questions

Main Image

Why should I get Cyber Essentials?

Getting Cyber Essentials means you have put in place 5 key technical controls which help protect your organisation against cyber attacks. Having these controls in place will significantly improve your cyber resilience. Going through the Cyber Essentials accreditation process will help you systematically review the security of your systems and take action to make them more secure. Finally, having Cyber Essentials accreditation means you can demonstrate to your service users and supporters that you take IT security seriously.

Will it guarantee my IT systems are secure?

No system offers perfect protection against the most sophisticated cyber attacks. But the vast majority of cyber attacks are not sophisticated, they are relatively basic attacks looking for obvious weaknesses. Cyber Essentials is the equivalent of making sure your front door is locked - it means you have taken the most important steps to protect against the most common kind of attacks. For charities of all sizes, Cyber Essentials is an important first step to improving your cyber security. Cyber Essentials covers technical controls and systems. Staff awareness and training is another key part of being cyber resilient, and this is something you’ll need to tackle separately.

What is the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials and Cyber Essentials Plus both involve the same main steps:

  • Finding a suitable IT partner to work with
  • Reviewing whether your systems meet the technical requirements
  • Completing the Cyber Essentials questionnaire

The difference is that Cyber Essentials Plus involves more rigorous testing and independent verification by an approved accreditation body. This means that Cyber Essentials Plus is more expensive to achieve. Because of this, we are supporting smaller charities (annual income less than £4m) to achieve Cyber Essentials. We expect that a grant of £1,000 should cover most or all of the costs involved. We are encouraging larger charities to aim for Cyber Essentials Plus accreditation, but we recognise that these organisations will need to find other resources to meet all the costs of achieving the more rigorous standard.

Which organisations are eligible for cyber grants?

Any third sector organisation in Scotland can apply for a cyber grant. This covers registered charities and mutual not-for-profit companies delivering public benefit, such as housing associations and credit unions. For private sector organisations in Scotland, Scottish Enterprise is running a Cyber Vouchers scheme. Third Sector organisations with annual incomes below £4m per year can apply for a grant to obtain Cyber Essentials, and larger organisations with incomes greater than £4m per year are eligible to apply for a grant towards some of the costs of obtaining Cyber Essentials Plus.

How do I apply?

You can apply online here. The application form is simple, it asks a few basic questions:

  • About your organisation
  • How you will benefit from obtaining Cyber Essentials
  • What your current level of cyber resilience is and
  • How you plan to go through the accreditation process

The deadline for this cyber grants call is 18 December. Depending on demand and the resources we have available, we may run another round at some point in 2019.