In today’s digital landscape, cybersecurity measures are not just important—they’re essential for businesses of all sizes, particularly small and medium-sized enterprises (SMEs). The rising tide of cyber threats makes it imperative for businesses to protect their data and systems. Recent statistics highlight the growing importance of cybersecurity:
- Cybercrime costs the UK economy around £17bn per annum [1].
- 43% of cyberattacks target small and medium-sized enterprises (SMEs) [1].
- Over 1.3 million small and medium-sized businesses across the UK are at risk of folding given the cost of an average cyberattack [2].
- The National Cyber Security Centre (NCSC) reports that 39% of UK businesses identified a cyber breach or attack in 2023, with medium and large businesses more likely to experience such incidents (58% and 75%, respectively) [3].
- The NCSC also noted that 22% of businesses have experienced cybercrime in the last 12 months [4].
The Real-World Impact of Cybersecurity Breaches
High-profile incidents like the recent Royal Mail ransomware attack highlight the critical need for strong cybersecurity measures. This attack caused significant disruptions to Royal Mail’s operations and cost the company around £10m in recovery efforts [5]. Such breaches can lead to severe financial losses, reputational damage, and legal penalties.
Achieving CyberEssentials Plus: A Commitment to Cybersecurity
Achieving the CyberEssentials Plus accreditation is a testament to a company’s commitment to safeguarding sensitive data and protecting against cyber threats.
Recently, we had the opportunity to interview key figures at ADT, Andy (Risk and Compliance Manager) and Dom (Senior Engineer), about their experience in securing this certification for ADT. Here are the highlights of our conversation.
Q: For those who may not be aware, what is CyberEssentials/Plus, and why is it important for businesses today?
Andy: CyberEssentials Plus is a government-backed cybersecurity certification that digs into how well an organisation can fend off cyber threats. In this digital age, keeping business data safe is more crucial than ever.
“If you’re found negligent, you could face fines up to 4% of your global turnover, not to mention the damage to your company’s reputation.”
This accreditation shows that a business, like ours at ADT, is serious about adhering to stringent cybersecurity practices.
Q: What motivated ADT to pursue the CyberEssentials Plus accreditation?
Andy: Our drive to provide secure and reliable IT services led us to pursue this accreditation. It enhances our security posture and offers our clients the highest standards of data protection, aligning perfectly with our core values of reliability and trustworthiness.
“It also complements our ISO27001 UKAS certification.”
Q: Could you describe the approach ADT took to achieve the CyberEssentials Plus accreditation?
Dom: We conducted a rigorous assessment of our IT infrastructure and cybersecurity practices, including an in-depth audit of our network security, malware protection, security configurations, and access controls. We also reviewed operating systems across the network, server, and end-user devices to ensure compliance with CE requirements up until 2027.
Q: How does achieving this accreditation change the way ADT operates or manages its cybersecurity?
Andy: Achieving CyberEssentials Plus has strengthened our cybersecurity framework. We’ve enhanced our protocols for regular security reviews and updates, ensuring continuous improvement and adherence to high standards. This proactive approach secures our operations and adds significant value to the services we provide to our clients.
Q: In what ways does the CyberEssentials Plus accreditation benefit your clients, particularly SMEs?
Andy: For SMEs, working with a CyberEssentials Plus accredited partner like ADT means enhanced security assurance. This accreditation shows we can protect client data effectively, reducing their risk of cyber threats and enabling them to focus more on their core business activities.
“Since October 2014, CyberEssentials has been a requirement for many UK public sector contracts, expanding your eligibility to work with the government.”
Q: Why should SMEs consider working with a partner like ADT to assess, remediate, and audit for CyberEssentials accreditations?
Andy: SMEs often lack the in-house resources or expertise to manage complex cybersecurity challenges effectively. By partnering with ADT, they benefit from our expertise and proven frameworks to achieve CyberEssentials accreditation and ensure ongoing compliance with further accreditations like ISO27001.
Q: What are the common cybersecurity risks that SMEs face today, and how does CyberEssentials Plus help mitigate these risks?
Dom: Common risks include phishing attacks, malware, data breaches, and unauthorised access. CyberEssentials Plus ensures fundamental security controls are in place to prevent these threats, safeguarding sensitive business and personal information.
Q: Could you share a specific example of how ADT has helped an SME client improve their cybersecurity posture through CyberEssentials Plus accreditation?
Dom: One of our SME clients was frequently experiencing phishing attempts and malware threats. After partnering with ADT, we guided them through the CyberEssentials Plus accreditation process. As a result, we significantly enhanced their defences by implementing advanced email security and endpoint protection solutions tailored to their business.
Andy: In addition to technical implementation, we focused on educating their team on best practices and the importance of ongoing vigilance in cybersecurity.
“This holistic approach fortified their defences and empowered them with the knowledge to maintain high-security standards.”
Q: Looking forward, how does ADT plan to continue supporting SMEs in their ongoing cybersecurity efforts?
Dom: ADT plans to keep evolving our cybersecurity offerings to stay ahead of emerging threats. We will work with SMEs to deploy tools that are ADT tried, tested, and proven to maintain a firm security posture. Regular training and updates will ensure our SME clients remain protected and compliant with the latest security standards.
Andy: We’re committed to evolving our cybersecurity offerings. From a compliance viewpoint, we’ll ensure that our SME clients are equipped with cutting-edge security technologies and stay ahead of regulatory changes.
“We aim to demystify compliance and make it a seamless part of their cybersecurity strategy, providing regular updates and guidance to navigate data protection laws and standards.”
Sources
- [1] National Cyber Security Centre (NCSC), Cyber Security Breaches Survey 2024 – GOV.UK. Available at: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2024
- [2] Vodafone Cybersecurity Report 2023. Available at: https://newscentre.vodafone.co.uk/app/uploads/2021/03/Vodafone-Cybersecurity-report-220223.pdf
- [3] National Cyber Security Centre (NCSC), Cyber Security Breaches Survey 2023 – GOV.UK. Available at: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023
- [4] National Cyber Security Centre (NCSC), Cyber Security Breaches Survey 2024: Technical Report – GOV.UK. Available at: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2024-technical-report
- [5] TechMonitor, “Royal Mail spent £10m on cybersecurity after LockBit ransomware attack”. Available at: https://techmonitor.ai/technology/cybersecurity/royal-mail-spent-10m-on-cybersecurity-after-lockbit-ransomware-attack