Every business that operates online faces an increasingly complex and serious landscape of cyber threats, making the demand for clear, dependable, and practical cyber security advice more critical than ever. Small and medium-sized enterprises (SMEs), which form the backbone of the UK economy, are particularly vulnerable to cyber incidents as many lack the in-house expertise or resources to navigate the complex world of cyber security. Recognising this critical gap, the National Cyber Security Centre (NCSC) launched the Cyber Advisor scheme two years ago, with IASME as its Delivery Partner and The Cyber Scheme as its Assessment Provider. Together, IASME and The Cyber Scheme work to ensure that SMEs across the UK have access to trusted, qualified cyber security advisors.
As we celebrate the second anniversary of the Cyber Advisor scheme, we reflect on its journey, the opportunities it presents, and the exciting future ahead.
The birth of the Cyber Advisor scheme
The Cyber Advisor scheme was established to address a pressing need: providing SMEs with access to affordable, high-quality cyber security consultancy. While many organisations are eager to improve their cyber resilience, they often don’t know where to start or who to trust. The market is rife with misinformation and, unfortunately, some unscrupulous providers who exploit fear rather than offering genuine solutions.
The Cyber Advisor scheme aims to change that. By creating a pool of NCSC-assured Cyber Advisors, the scheme ensures that SMEs can access expert advice tailored to their needs. These advisors are assessed not only on their technical expertise but also on their ability to understand and communicate effectively with small businesses that may lack IT knowledge.
The role of IASME and The Cyber Scheme
The success of the Cyber Advisor scheme is strengthened by the collaboration between IASME and The Cyber Scheme. IASME, as the NCSC Delivery Partner, manages the scheme and ensures that the Assured Service Providers and their Cyber Advisors meet the rigorous quality and security standards set by the NCSC. The Cyber Scheme, as the Assessment Provider, is responsible for running the independent assessment that all Cyber Advisors must pass. You can find out more about the advisor qualification, ‘Certificate of Competence in Cyber Essentials Implementation’ on the Cyber Scheme webpage.
Both organisations share a common belief: having more qualified Cyber Advisors in the UK is a good thing for SMEs. By working together, IASME and The Cyber Scheme are not only raising the bar for cyber security consultancy but also making it more accessible to the organisations that need it most.
The journey so far: Challenges and opportunities
Over the past two years, the Cyber Advisor scheme has made significant strides, but it hasn’t been without its challenges. One of the biggest hurdles has been the low pass rate for the Cyber Advisor assessment. Many prospective advisors assume that their experience in consultancy will be enough to pass, only to find that they are unprepared for the specific competencies required.
The assessment focuses heavily on the Cyber Essentials framework, a government-backed certification scheme that provides a baseline level of cyber security. Advisors must demonstrate not only their technical knowledge but also their ability to provide proportionate and practical advice. This means understanding the unique challenges faced by SMEs, tailoring the recommendations and communicating in non-technical language.
To address this, IASME and The Cyber Scheme are working to increase awareness of the assessment process and provide clearer guidance for prospective advisors. The goal is to ensure that the right people are taking the assessment and that they are well-prepared to succeed.
Why Become a Cyber Advisor?
For cyber security professionals, becoming an NCSC-assured Cyber Advisor is more than just a qualification—it’s a gateway to business opportunities. The scheme is rapidly gaining recognition as a valuable credential to government-recommended initiatives and contracts.
Cyber Advisors have played a key role in various government-funded and industry-supported security review initiatives designed to help organisations enhance their cyber security. The Funded Cyber Essentials Programme, provided qualifying SMEs in specified sectors with around 20 hours of government-funded remote support with a Cyber Advisor to help them gain Cyber Essentials Plus certification. Other examples include the Scottish Council for Voluntary Organisations(SCVO) and the more recent part funded Secure Innovation Review scheme for emerging technology companies. Cyber Advisors are selected to support these schemes based on their specialist knowledge of working with SMEs
Cyber Advisors are the only cyber security consultants utilised within the new programme that offers SMEs 30 minutes of free cyber security advice. This initiative has received an overwhelmingly positive response, highlighting the growing demand for qualified Cyber Advisors.
Cyber Advisors are playing a key role in delivering the entry-level cyber security training and assessment, ‘Cyber Basics’, developed by IASME.
Along with opening doors to new projects, becoming a Cyber Advisor can also help professionals grow their businesses. By earning the NCSC’s seal of approval, advisors gain a competitive edge in a crowded market, building trust with clients and stakeholders.
Find out more about becoming a Cyber Advisor.
Looking ahead: The future of the Cyber Advisor scheme
As the Cyber Advisor scheme enters its third year, the future looks incredibly promising.
Central to the UK’s broader cyber strategy is the recognition that enhancing national cyber resilience requires a ‘whole of society’ effort. Scaling up the adoption of Cyber Essentials plays an important role in this vision, embedding effective cyber security practices into supply chains and making them a fundamental requirement in contracts. By positioning Cyber Essentials as the minimum baseline standard for all organisations in the UK, it underlines the scheme’s pivotal role in establishing robust baseline security measures that protect businesses of all sizes.
With government assurance and in-depth knowledge of Cyber Essentials, Cyber Advisors are uniquely positioned to deliver tailored solutions and trusted guidance to enhance organisational cyber resilience.
For SMEs, the message is clear: if you’re looking to improve your cyber security, an NCSC-assured Cyber Advisor is your trusted partner. For cyber security professionals and managed service providers (MSPs), now is the time to get on board. The Cyber Advisor scheme is growing rapidly, and those who join now will be well-positioned to take advantage of the opportunities it offers.