Understanding the difference between cyber policies and Cyber Essentials

The O Team • 11 July 2023

In today’s digital age, where businesses heavily rely on technology and online platforms, safeguarding sensitive information and protecting against cyber threats has become a crucial priority. Cybersecurity measures play a vital role in protecting businesses against data breaches, hacking attempts, and other cyber risks.


Two terms that often come up in this context are 'cyber policies' and 'Cyber Essentials'. While they both contribute to strengthening cybersecurity, they serve distinct purposes. This blog aims to shed light on the difference between cyber policies and Cyber Essentials.



Cyber Policies


Cyber policies, also known as cybersecurity policies or information security policies, are formal documents that outline an organisation’s approach to cybersecurity. These policies are a set of rules, guidelines, and procedures that define how an organisation manages, protects, and handles its digital assets, information systems, and data. They provide a framework for establishing security standards, protocols, and practices that align with the organisation’s goals and regulatory requirements.


Key features of cyber policies include:


1. Scope: Cyber policies cover various aspects of cybersecurity, such as data protection, access controls, incident response, employee training, and vendor management.


2. Customisation: Organisations can tailor their cyber policies to their specific needs, considering their industry, size, and unique risk landscape.


3. Compliance: Cyber policies often align with industry standards, legal requirements, and regulatory frameworks to ensure compliance and mitigate legal and reputational risks.


4. Documentation: Cyber policies should be well-documented, easily accessible to employees, regularly reviewed, and updated to address emerging cyber threats and changing business needs.



Cyber Essentials


On the other hand, Cyber Essentials is a cybersecurity certification scheme developed by the UK government. It aims to help organisations improve their cybersecurity posture and demonstrate their commitment to protecting against common cyber threats. Cyber Essentials focuses on implementing fundamental security controls that address the most prevalent types of cyberattacks.


Key features of Cyber Essentials include:


1. Basic Controls: Cyber Essentials focuses on five key technical controls: boundary firewalls and internet gateways, secure configuration, user access control, malware protection, and patch management.


2. Certification: Organisations can undergo an assessment process to achieve Cyber Essentials certification, indicating that they have met the necessary security requirements.


3. Risk Mitigation: By implementing the Cyber Essentials controls, organisations can significantly reduce their vulnerability to common cyber threats, such as phishing, malware, and unauthorised access.


4. Supplier Assurance: Cyber Essentials certification can enhance an organisation’s reputation and provide assurance to customers and business partners about its commitment to cybersecurity.



While cyber policies and Cyber Essentials both contribute to bolstering cybersecurity, they serve distinct purposes. Cyber policies encompass a broader range of guidelines and procedures, tailored to an organisation’s specific needs, ensuring compliance with regulatory frameworks and industry standards. On the other hand, Cyber Essentials focuses on a set of fundamental security controls to mitigate common cyber threats and provides a certification that demonstrates a commitment to cybersecurity best practices.


In an ideal scenario, organisations should consider adopting both cyber policies and Cyber Essentials. Cyber policies provide a comprehensive framework for managing cybersecurity risks, while Cyber Essentials helps establish a baseline of essential security controls. Together, they create a robust cybersecurity foundation that protects sensitive information, safeguards against cyber threats, and helps maintain trust in the digital landscape.


If you need help with your cyber policies and/or Cyber Essentials certifications, then we can help. Just give us a call >

Someone dropping an alarm clock into a waste paper bin

Say Goodbye to Wasting Hours on PowerPoint Slides

by The Orbital10 Team 14 July 2025
Turn Word documents into PowerPoint slides in seconds with Microsoft Copilot — a faster, smarter way to boost team productivity.
A man pulling apart some blinds to peer through suspiciously

Windows 11 Could Soon Warn You If Someone’s Snooping Over Your Shoulder

by The Orbital10 Team 14 July 2025
Windows 11’s upcoming Onlooker Detection feature could warn you if someone’s snooping on your screen, helping protect your privacy when working in public.
A hand pressing a digital screen and the letters 'AI'

Generative AI Is Already in Your Workplace – Are You Using It?

by The Orbital10 Team 14 July 2025
90% of businesses are using Generative AI — are you? Learn how AI is transforming productivity, and what your organisation needs to do next.
Person in front of a laptop looking at their emails with a symbol showing one new email

Phishing Alert: Is That Really Microsoft in Your Inbox?

by The Orbital10 Team 14 July 2025
Phishing scams are impersonating Microsoft more than ever. Learn how to spot the signs, stay alert, and protect your business from cyber threats.
Woman sitting in front of a laptop with her arms in the air shrugging

IT Security and Cybersecurity: What's the Difference?

by The Orbital10 Team 7 July 2025
Learn the key differences between IT Security and Cybersecurity, plus essential steps every business must take to protect data and systems.
Some typing on a laptop with backup clouds dotted around

The Smarter Way to Defend Against Ransomware

by The Orbital10 Team 11 June 2025
Ransomware is evolving — and it’s coming for your backups. With attacks at an all-time high, your last line of defence needs to be bulletproof. Discover how immutable backup storage can keep your business protected, even when attackers get in.
A post it note with 'password qwerty' written on it

Still using weak passwords? It’s time to rethink your security.

by The Orbital10 Team 11 June 2025
Weak passwords are still one of the biggest risks to your business – and attackers know it. From “123456” to reused logins, poor password practices make it easy for cyber criminals to get in and cause serious damage. In this blog, we break down why passwords aren’t enough anymore, what better options look like, and how your business can upgrade its login security for good.
Open laptop with a hand in a black leather glove coming out the screen and reaching to the keyboard

Microsoft confirms: Hackers can access your account – no password needed

by The Orbital10 Team 11 June 2025
Think your Microsoft account is safe behind a strong password and MFA? Think again. A new tactic called device code phishing is letting cyber criminals bypass traditional security – using real Microsoft login pages to trick users into handing over access. In this blog, we break down how the attack works, why it's so dangerous, and what your business can do to stay ahead of it.
A mousetrap

Beware of the ‘Free’ Trap: How File Conversion Tools Could Be a Backdoor for Ransomware

by The Orbital10 Team 12 May 2025
“Free” online tools could be costing you more than you think. File conversion websites may be hiding ransomware or data theft tools. Here’s how to protect your business from this growing cyber threat.
A view of a teams video call between four people, all smiling and a couple of them waving

A Small Update to Microsoft Teams That Makes Meetings Run Smoother

by The Orbital10 Team 12 May 2025
Tired of saying “next slide, please” in Teams meetings? Microsoft just rolled out a long-awaited update that allows multiple presenters to control slides—making your meetings and webinars run more smoothly than ever. Here's what to expect.
More posts