Lookout unveils research finding security experts have a significant lack of awareness of the National Cyber Security Centre's (NCSC) Cyber Essentials framework.

Lookout, the endpoint-to-cloud security company, announced the results of a survey conducted at Infosecurity Europe, which evaluated the opinions of 246 security professionals towards the NCSC Cyber Essentials framework. 

The research found only 28% of organisations had fully implemented Cyber Essentials, with over a third (40%) of security professionals claiming they were unfamiliar with the scheme. 

Of those that had not implemented the scheme, over half (58%) said a lack of awareness or understanding was why their organisation had not done so.  

The NCSC Cyber Essentials scheme is a UK government-backed programme to help UK organisations improve their cyber resiliency against the most common cyberattacks. 

Cyber Essentials provides two levels of certification, a basic level and a 'plus', which organisations can achieve when showing commitment to cyber security. 

The basic Cyber Essential certificate indicates the organisation can prevent most cyberattacks. With Cyber Essentials Plus, there is an added hands-on technical verification and vulnerability scanning conducted on the organisation's systems.  

Of those that answered they were Cyber Essential certified, 58% stated they had the standard level, while 42% had completed Cyber Essential Plus.

The top three benefits experienced from being certified were: an improvement in cybersecurity measures (60%), an increase in customer trust and confidence (54%), and compliance with regulatory requirements (48%). 

Nevertheless, threat actors will continue to target those not taking security seriously, and the negative impact on the broader supply chain is a cause for concern. To the extent that the NCSC issued a warning because of the rising number of cyberattacks from vulnerabilities exploited within the supply chain. 

Cyber Essentials certification is mandatory for organisations wanting to bid for UK government contracts, which may involve handling sensitive information or providing IT services or products.  

Indeed, nearly half of security professionals (47%) check if their third-party suppliers are UK Cyber Essentials certified. However, 41% would still partner with a supplier if they were not accredited, stating it's not a deal breaker. 

When gauging the opinions on the number of cybersecurity certifications, laws and regulations, 24% of security experts believed there are too many to keep track of. Yet, over three-quarters (79%) stated all organisations should be required to prove they meet a basic standard of security, like Cyber Essentials, to mitigate the risk from common cyber threats, with the majority (89%) stating it's important.  

Bastien Bobe, Field CTO EMEA at Lookout, says: "The findings from the study are concerning and showcase the work needed to be done to not only build awareness around the NCSC Cyber Essentials framework, but also to get more organisations accredited."

"In the modern, remote-working world, with mobile and cloud-based threats on the rise, it is imperative to deploy cloud-native defences that can deliver zero-trust security to safeguard corporate data from any location, device, application or network. 

"The objective for many businesses is to reduce their overall risk." 

"However, to achieve this, they must have a proactive security strategy that enhances their own cybersecurity practices as well as ensures compliance with industry standards and accreditations, specifically frameworks like UK Cyber Essentials," says Bobe.