I’m a huge fan of the UK’s Cyber Essentials Scheme. I’ve championed internally (at a previous role) and learned from hands-on experience the amount of effort it takes to deliver it on a shoe string budget. The return on investment is IMENSE. The UK Government, got this one right!
The upcoming changes, however, are not all positive. Non cybersecurity literate will, in my opinion, skip passed anything that will not be required as part of the certification as only aiming to attain the reputational boost and increased confidence to trade with offered by adhering to the scheme.
The reasoning should be obvious, but I’ll state it for clarity: companies still view cybersecurity as a cost center. Until this changes to be viewed as an effective value delivery / protection, companies will strive only for the tickbox. Minimal due diligence, checked. compliance, checked.
Article: https://hackernoon.com/changes-to-the-uks-cyberessentials-scheme-puts-businesses-at-risk