The Government’s New Cyber Essentials Campaign: Why Businesses Must Act Now

The UK government has launched a new campaign urging organisations to “lock the door” on cyber criminals by strengthening their cyber security foundations. 

Read the official announcement here.

Cyber security is no longer optional. It is essential to protecting revenue, reputation, and long-term stability.

Recent government figures show that:

These statistics reveal the scale of the problem. While larger businesses often have dedicated security teams and significant budgets, smaller organisations — including many SMEs without specialist IT staff — remain vulnerable to common attacks.

Moreover, research has consistently shown that cyber incidents can directly impact business continuity, reputation, and profitability, making cyber security not just a technical priority, but an essential part of business risk management.

The government’s campaign reinforces that:

More large firms are taking action, but government wants to help businesses of every size to move further and faster by putting protections in place. 

At the heart of the government’s campaign is the Cyber Essentials certification. Developed by the UK’s National Cyber Security Centre (NCSC), this is a government-backed scheme designed to help organisations protect themselves against the most common types of cyber attack.

Cyber Essentials is not about complex, expensive systems. Instead, it focuses on practical, foundational defences that address the most frequent and damaging threats. These core protections are:

• Firewalls to control and filter network traffic
• Secure Configuration of devices and systems
• User Access Control ensuring only authorised people can reach sensitive systems
• Malware Protection to detect and block harmful software
• Patch Management (Security Updates) to keep software up to date and vulnerabilities closed.

Cyber Essentials helps eliminate many of the basic weaknesses that cyber criminals exploit. It provides a clearly defined framework that verifies whether essential security controls are in place, through a certification process that is achievable for organisations of any size.

Organisations that implement these controls can greatly reduce their exposure to common attacks such as phishing, ransomware, and unauthorised access attempts. Encouragingly, data suggests that businesses with Cyber Essentials in place make significantly fewer insurance claims related to cyber incidents, demonstrating the practical effectiveness of the scheme.

Achieving Cyber Essentials certification delivers reassurance that goes beyond technical protection. It gives your organisation:

• Peace of mind that you are protected against the most common online threats
• A recognised standard that demonstrates your commitment to cyber security
• Increased eligibility to bid for contracts, as a growing number of organisations now require suppliers to hold certification
• Greater customer trust by showing that you take data protection and cyber resilience seriously

In today’s threat landscape, baseline protection is not optional — it is a business essential. Cyber Essentials provides a clear, structured way to put those protections in place and prove that they are working.

Cyber criminals can find your business anywhere. No matter your organisation’s size, sector, or location, cyber attacks are no longer a question of if — but when.

The reality is that most cyber attacks are not highly sophisticated. In fact, many are the digital equivalent of a thief walking down a street trying door handles to see which ones are unlocked. They target weak passwords, outdated software, poorly configured systems, and unrestricted user access.

Without strong fundamentals in place — including properly configured Firewalls, secure system settings, controlled user permissions, effective Malware Protection, and regular Patch Management (Security Updates) — businesses leave the door open to preventable threats.

Cyber Essentials helps ensure that door is firmly locked.

By focusing on practical, foundational controls such as Secure Configuration and User Access Control, the scheme reduces the risk of common attacks and strengthens overall resilience. It ensures that the basics are not just assumed, but verified and maintained.

For organisations that require a higher level of assurance, the government also supports Cyber Essentials Plus certification.

While the base Cyber Essentials certification is based on a self-assessment of your controls, Cyber Essentials Plus goes a step further by introducing independent testing. This means an accredited assessor actively verifies that security controls are effectively implemented across your systems, providing a more robust level of validation.

This additional scrutiny is valuable for organisations that need to demonstrate stronger security assurance to stakeholders, regulators, or within supply chains. It removes doubt about whether your systems are actually protected - and provides clear, third-party confirmation.

Navigating the Cyber Essentials process doesn’t have to be daunting. At MCS, we support organisations through every step of their cyber security journey - from early assessments to full certification and ongoing security management. 

What we'll do for you:

• Readiness check - We assess your current setup and highlight any gaps that could prevent you from passing first time.
• Support & remediation - If changes are needed, we’ll help implement the right solutions for your business.
• Certification assistance - We manage the submission and guide you through the process to achieve certification smoothly.
• Ongoing advice - Cyber Essentials is just the start. We’ll help you stay compliant and secure long after certification.

Whether you’re working towards Cyber Essentials for the first time, renewing your certification, or considering Cyber Essentials Plus for stronger assurance, our team is here to make the process straightforward and practical. 

To discover more about how we support Cyber Essentials certification, visit: Cyber Essentials

or book a call with one of our account managers.