top of page

Why should my HR company get Cyber Essentials Accreditation?

One of the consequences of a successful cyber attack may be the loss/theft of personal data, which HR firms hold in abundance, and could be a reason that they are a target for cyber criminals.

If personal data is lost, then the Information Commissioner’s Officer (ICO) will need to be told and they will look at what has happened, including what controls you had in place, before determining whether a fine is appropriate. In fact the ICO have recognised that ransomware has become be such an ongoing issue they have their own section about it on their website: Ransomware and Data compliance.

And one of the ways that they suggest to ensure those controls are in place, is with Cyber Essentials.

Cyber Essentials is a simple and effective Government-back scheme designed to help put in place mitigation to the most common cyber-attacks. It looks at the key areas which increase the risk of cybercrime and helps businesses to reduce this threat including, passwords, user assess controls and malware.

A study by Lancaster University found that if the controls with Cyber Essentials were implemented, over 99% of attacks were either fully or partially mitigated!

And if your data isn’t being stolen, you won’t need to speak to the ICO in the first place.

What should I do next?

Join our community at the Eastern Cyber Resilience Centre; it’s totally free. We can talk to you about your charity’s cyber resilience and can offer guidance to free tools that you can implement straight away.

Check your current security standard using the free Cyber Essentials Readiness Tool. The Readiness Tool is an interactive set of questions that addresses different parts of your organisation’s security. A step-by-step action plan is tailored to your requirements based on your answers to the questions.

Tell us when you are ready and we can refer you to one of our Trusted Partners, who are cyber essentials accreditors in the East of England. They can accredit your work or provide additional help if required.

Further Guidance and Support

The ECRC is a police-led, not for profit organisation which companies can join for free.

Our core membership provides:

  • Threat alerts both regionally and nationally

  • Signposting to free tools and resources from both Policing and the NCSC

  • Little steps programme – series of weekly emails which aligns to cyber essentials looking at bite-sized practical information to build cyber resilience

  • Discussion area to meet and discuss other companies in the region and our partners

Policing led – Business focused


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page