Today, expedited by the pandemic, the widespread adoption of digital technology for products and services has made basic cyber security essential to every business that connects to the internet. Accessibility to this protection contributes to the national security of the UK. Consequently, the National Cyber Security Centre (NCSC) aims to extend its reach to offer a trusted source of cyber security advice to a wider range of organisations.

Despite a growing emphasis on cyber security, many organisations often find it hard to choose the right help to meet current guidance. The Cyber Advisor scheme aims to ensure the understanding and application of trusted cyber security advice.

How does the Cyber Advisor Scheme work?

Cyber Advisors will initially focus on helping organisations to implement the five Cyber Essentials Technical Controls. This service will be known as Cyber Advisor (Cyber Essentials). The name includes Cyber Essentials in order to differentiate them from any future assured Cyber Advisors assisting small organisations in other areas of cyber security.

The Cyber Essentials standard has been adopted because this as a good baseline standard recognised by the NCSC to defend against a range of commonly experienced cyber attacks, including ransomware attacks.

Cyber Advisors (Cyber Essentials) can help organisations assess the gap between their current cyber security stance, and that achieved by implementing the Cyber Essentials technical controls.

With the specific needs of an individual business in mind, Cyber Advisors can provide hands-on support to help the organisation take recommended actions. All our Advisors have been assessed not just on their technical knowledge, but also their ability to work specifically with small and medium sized organisations.

An organisation will be helped to meet the Cyber Essentials technical controls, however, they do not necessarily need to be aiming for Cyber Essentials certification. The advice offered by Cyber Advisors will help prepare an organisation should they wish to certify, in which case, they will need to apply through a Cyber Essentials Certification Body.

Cyber Advisors can help organisations by:

• Conducting Cyber Essentials gap analysis to assess the organisations internet-facing IT, identifying where it fails to meet the Cyber Essentials controls
• Developing reports on the status of the organisation’s Cyber Essentials controls i.e. detailing the requirements that are met and those that are not; describing why controls are not met and the risks the organisation is exposed to; recommended actions to take
• Working with the business to agree remediation activities
• Planning remediation activities that align to the risk and business priorities
• Implementing remediation activities – or guide technical teams to do so – sympathetically to operational activities
• Developing and presenting post-engagement reports summarising the engagement and detailing any remediation work completed, pointing out any residual risk with recommendations for reducing those risks

What is the difference between a Cyber Essentials certification body and a Cyber Advisor Assured Service Provider?

A Cyber Essentials Certification Body can assess if an organisation meets the criteria required for Cyber Essentials certification and issue that certification – something a Cyber Advisor cannot do unless their organisation is also a Cyber Essentials Certification Body.

A Cyber Advisor can offer both the advice on and help in implementing the Cyber Essentials technical controls – something that a Cyber Essentials Certification Body cannot do unless it is also a Cyber Advisor Assured Service Provider.