Why should professional services know about the Cyber Essentials accreditation scheme?

Businesses rely on professional services.

From lawyers providing legal advice, accountants completing the end of year to estate agents finding the perfect spot for a new factory, businesses of all shapes and sizes need professional services.

Photo of couple obtaining professional advice

One of the key factors is deciding whether to use a professional service is trust.

And that trust is not only in the ability to do a good job. With the number of data breaches seemingly ever increasing, businesses need to be reassured that the sensitive data that they are going to share will be held securely.


The Cyber Security Breaches Survey 2022 shows that more professional services use a Managed Service Provider (MSP) than other sectors, but they don’t use cyber security as a measurement within their procurement process for their MSP.

Photo of Microsoft MFA on phone

What does this mean?

Although the MSP might be providing your licences, they aren’t necessarily implementing all the available tools and techniques to make your business as cyber secure as possible as they don’t know that this is essential to you.


What can help?

The Cyber Essentials scheme is a government backed accreditation which has some key benefits:

  • You can reassure customers that you are taking cyber security seriously

  • You have a framework to work with your MSP to have a minimum standard of cyber security that you can review regularly and sleep well knowing that you are doing all you can to protect your business

  • You can attract new business with the assurance that you have cyber security measures in place

Cyber Essentials logo

Is it going to be cost beneficial?

Think about this.


What is the cost if your business was subject to a ransomware attack?

Photo of old fashioned scales

A criminal steals your sensitive files, encrypts your data and demands a payment. How much would that cost you?


It’s not just the cost of ransom, which we would never recommend paying. You need to factor in the cost of the disruption if none of your staff can access your systems. What is the impact on ongoing work? How long might that last?


What is the impact on your reputation when you have to tell all of your customers that their sensitive data has been stolen and might be leaked, even if you did pay the ransom.


Cyber Essentials costs between £300 and £500 +VAT depending on the size of your organisation. I think that the cost vs benefits analysis is fairly clear, don’t you?

The Eastern Cyber Resilience Centre logo

What’s the next step?

Join the Eastern Cyber Resilience Centre community for free. We can talk to you about your business’s cyber resilience and can offer guidance to free tools that you can implement straight away.


Check your current security standard using the free Cyber Essentials Readiness Tool. The Readiness Tool is an interactive set of questions that addresses different parts of your organisation’s security. You will receive specific help in the areas that you need to address to achieve Cyber Essentials.


Tell us when you are ready and we can refer you to one of our Trusted Partners, who are cyber essentials certification bodies in the East of England. They can accredit your work or provide help if required.


Contact us today for more information.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.