A recent study conducted by Lookout, a leading endpoint-to-cloud security provider, has shed light on the lack of awareness surrounding the NCSC Cyber Essentials framework. The research revealed that only 28% of organizations have fully implemented Cyber Essentials, indicating a significant gap in understanding and adoption of this critical cybersecurity program. Alarmingly, the study found that 40% of security professionals surveyed claimed to be unfamiliar with the scheme.
The NCSC Cyber Essentials framework, backed by the UK government, aims to assist organizations in enhancing their cyber resiliency against common cyberattacks. It offers two levels of certification: a basic level and ‘plus’. Achieving the basic certificate demonstrates an organization’s ability to protect against the majority of common cyber threats, while Cyber Essentials Plus includes hands-on technical verification and vulnerability scanning of the organization’s systems.
During the evaluation of 246 security professionals at Infosecurity Europe 2023, it became evident that greater efforts are needed to increase awareness and promote understanding of the NCSC Cyber Essentials framework. Many organizations seemed unaware of the program’s benefits and were thus hesitant to pursue certification. Of those surveyed, 58% claimed to hold the standard level certificate, while 42% had achieved Cyber Essentials Plus.
The study also highlighted the significant advantages experienced by organizations that became certified. Among the top three benefits were an improvement in cybersecurity measures, an increase in customer trust and confidence, and compliance with regulatory requirements. These findings demonstrate the positive impact that adherence to the Cyber Essentials framework can have on an organization’s overall security posture.
Bastien Bobe, Field CTO EMEA at Lookout, expressed concern regarding the survey results and emphasized the need for additional efforts to raise awareness and encourage more organizations to seek accreditation. In today’s remote-working world, with increasing mobile and cloud-based threats, it is crucial to deploy cloud-native defenses that provide zero-trust security and protect corporate data regardless of location, device, application, or network. Bobe stressed that organizations should strive to reduce their overall risk by implementing proactive security strategies that enhance cybersecurity practices and align with industry standards like UK Cyber Essentials.
For organizations seeking further details on the study’s findings, the complete results can be accessed through the Lookout website. It is clear that many organizations lack awareness of the NCSC Cyber Essentials framework, hindering their ability to reinforce their cybersecurity defenses effectively. It is imperative that efforts be made to bridge this knowledge gap, ensuring that these organizations understand the importance of the program and work towards certification. Only then can they achieve robust cyber resilience against the evolving threat landscape.