Cyber Essentials in the supply chain: a digital brochure

May 7, 2025 | Cyber Essentials

Embedding Cyber Essentials into supply chains

The National Cyber Security Centre (NCSC) and the Department for Science, Innovation and Technology have released the Cyber Essentials Supply Chain digital brochure, now available for download.

This comprehensive resource highlights the critical role Cyber Essentials plays in securing supply chains and offers practical guidance for organisations looking to enhance their cyber resilience.

Cyber Essentials: A Proven Tool for Supply Chain Assurance

The Cyber Essentials Supply Chain brochure underscores the effectiveness of the Cyber Essentials scheme as a foundational measure for organisations of all sizes. By implementing five core technical controls, Cyber Essentials helps organisations mitigate the majority of high-volume, low-skill cyber attacks, also known as commodity attacks.

The brochure reveals compelling statistics that demonstrate the scheme’s impact:

  • Organisations with Cyber Essentials are 92% less likely to make an insurance claim for a cyber incident compared to those without certification.

  • 75% of Cyber Essentials users report greater confidence when working with certified suppliers.

  • 59% of users save time on cyber security due diligence when a potential supplier is Cyber Essentials Plus certified.

The Growing Threat of Supply Chain Attacks

The brochure also sheds light on the increasing prevalence of supply chain attacks, where cyber criminals exploit vulnerabilities in third-party suppliers to infiltrate larger, more secure organisations. With just 11% of UK businesses assessing the cyber risk of their immediate suppliers, the need for widespread adoption of Cyber Essentials is clear.

Accessible and Scalable for All Organisations

One of the key strengths of Cyber Essentials is its accessibility. Designed to be suitable for organisations of all sizes, the scheme offers two levels of certification:

  • Cyber Essentials: A verified self-assessment certified by an approved Certification Body.

  • Cyber Essentials Plus: A more rigorous certification that includes technical testing by a licensed assessor.

The cost of certification is tiered based on organisation size, making it an affordable option even for micro-organisations. Additionally, organisations with an annual turnover of less than £20 million are eligible for free cyber insurance upon certification.

Expanding the Role of Cyber Essentials

The brochure highlights ongoing efforts to expand the role of Cyber Essentials in supply chain risk management. Major high street banks, in collaboration with the NCSC, are incorporating the scheme into their supplier requirements to raise cyber security standards across critical national supply chains.

A case study from St. James’s Place, one of the UK’s largest pensions and life companies, illustrates the scheme’s impact. By requiring over 2,800 independent businesses in its partnership network to achieve Cyber Essentials Plus certification, the company has seen an 80% reduction in cyber security incidents.

Support for Organisations and Suppliers

To help organisations and their suppliers achieve certification, the brochure outlines a range of support tools, including:

  • Cyber Essentials Supplier Check Tool: A bespoke search function to verify certifications across supply chains.

  • Cyber Essentials Knowledge Hub: A free online resource offering technical guidance and up-to-date information.

  • Cyber Essentials Readiness Tool: An interactive tool to help organisations assess their readiness for certification.

  • Cyber Advisors: A network of NCSC-assured consultants providing cost-effective cyber security advice and support.

A Call to Action

The Cyber Essentials Supply Chain brochure concludes with a clear message: embedding Cyber Essentials within supply chain contracts is a critical step toward improving the UK’s cyber resilience. By adopting the scheme, organisations can protect themselves, their suppliers, and their customers from common cyber threats, while contributing to a safer and more secure digital economy.

To learn more, access support, or begin your journey toward certification, download the Cyber Essentials Supply Chain brochure today.

Download the brochure here: https://iasme.atlassian.net/wiki/download/attachments/3622043768/A5%20Supply%20Chain%20Tool%20brochure%202025.pdf?api=v2

Learn more about Cyber Essentials: iasme.co.uk/cyber-essentials