33% of Contracts Now Require It: The Rising Power of Cyber Essentials in Public Procurement

How Cyber Essentials is Reshaping Public Sector Procurement

As cyber threats continue to evolve, the UK government's Cyber Essentials scheme has become a cornerstone of public sector procurement strategy. New research reveals how this certification is transforming the way government and suppliers approach cyber security, creating a more resilient supply chain while maintaining competitive markets.

Driving Change Through Mandatory Requirements

The evaluation shows that government contracting requirements are the primary driver of Cyber Essentials adoption, with 35% of organizations citing this as their main reason for certification. This mandatory approach has proven effective - approximately one-third of all contracts entered into by certified organizations now require Cyber Essentials certification. This requirement is reshaping how organizations approach cyber security, particularly in the public sector supply chain.

Streamlining Due Diligence

One of the most significant impacts of Cyber Essentials on public sector procurement is how it streamlines the supplier evaluation process. The research reveals:

• 48% of organizations report time savings when assessing CE-certified suppliers

• This rises to 59% for CE Plus certification

• Organizations save an average of 22% of their due diligence time per CE-certified supplier

• Time savings increase to 32% for CE Plus certified suppliers

These efficiency gains are particularly valuable in the public sector context, where procurement processes traditionally involve extensive security assessments.

Creating a Standardized Security Baseline

The scheme provides a cost-effective approach to supply chain security by establishing a standardized baseline across suppliers. This standardization brings several key benefits to public sector procurement:

• Reduced risk in government supply chains

• More efficient supplier evaluation processes

• The growing pool of security-conscious suppliers

• Minimal government overhead to run the program

• Self-sustaining certification model

• Reduction in duplicate security assessments

Beyond Basic Compliance

The research indicates that Cyber Essentials often leads to broader security improvements among certified organizations:

• 76% of organizations take additional security measures beyond the basic requirements

• 71% report strengthened organizational approach to security

• 86% note improved senior management understanding of cyber risks

• 91% report increased confidence in their security posture

These improvements contribute to a more secure and resilient public sector supply chain.

Growing Ecosystem

The program has fostered a robust support network that continues to expand:

• Over 340 certified Certification Bodies

• More than 900 individual assessors

• Continuous growth in monthly certifications (from 500 in 2017 to 3,500 in 2024)

• Strong geographical coverage across the UK

Future Considerations

While the scheme has demonstrated success, the research identifies areas for development:

• Enhanced integration with other government security requirements

• More support for smaller suppliers

• Better recognition of certification in procurement processes

• Clearer guidance on implementation

The Way Forward

As cyber threats continue to evolve, Cyber Essentials provides a foundation for secure public sector procurement. Its role in creating a more resilient supply chain while maintaining competitive markets makes it an invaluable tool in the government's cyber security arsenal.

The scheme's success in public sector procurement offers a model for other sectors and demonstrates how government can effectively drive security improvements across the economy. As we look to the next decade, the challenge will be maintaining this momentum while adapting to new threats and technological changes.

New here? Welcome aboard! Join the Focus community to get insights straight to your inbox.

Need help standing out? Let us spotlight your business or service—partner with us.

Do you have a tip, question, or big win? We’re listening! Share it with us, and we’ll feature it.

Looking for expert advice? Our team of public sector pros has your back—get in touch here.

Until next time!