It’s easy to assume that your business is too small to be targeted by cyber-attacks. But in reality, criminals often see SMEs as low-hanging fruit – especially those handling sensitive data. That’s why Cyber Essentials has become such an important stepping stone for businesses looking to prove they take cyber security seriously.
This blog explores how one Oxford-based firm used Cyber Essentials to build stronger defences, win new clients, and create a more secure workplace culture. So, if you’re wondering whether certification is worth your time, keep reading.
Why Cyber Essentials Is Worth Your Time
There are high stakes for SMEs when it comes to handling sensitive or regulated data – think client records, financial files, or HR information. Just one breach can tarnish your reputation, halt operations, and also bring serious regulatory consequences.
In fact, the Cyber Security Breaches Survey 2025 reveals that only 3% of businesses hold Cyber Essentials, although it’s more common for larger businesses (21%) to seek the certification – even though there may be more who meet the standard.
Attaining Cyber Essentials provides significant benefits to businesses, as it demonstrates their commitment to ensuring robust security. This practical framework helps your business prevent common threats, demonstrate compliance with GDPR and other regulations, and instil confidence with clients and partners.
Let’s explore how one Oxford firm recently adopted Cyber Essentials and enhanced their cyber security to set themselves up for long-term success.
The Firm at a Crossroads: Thames Legal Group
Meet Thames Legal Group, a growing legal firm based in central Oxford. With a team of 15 solicitors and paralegals, they specialise in property and family law. However, when their client base began to expand, so did their exposure to risks.
As they began handling more sensitive client data, like financials, ID scans, and confidential case files, a growing concern started to mount over GDPR compliance and data protection obligations. Leadership knew they needed to improve their cyber security posture but weren’t sure where to begin.
Cyber Challenges: What Was Holding Them Back?
Lacking a structured approach to cyber security, Thames Legal Group had been relying on ad hoc IT support. However, this meant that they faced a growing number of issues that weren’t being addressed properly, including:
- A significantly increasing volume of phishing attempts targeting their staff inboxes.
- No formal security policy or awareness training in place.
- Limited visibility into software versions, patching, and user access.
- No use of multi-factor authentication (MFA).
As the issues grew, they realised that without action, they were leaving the door wide open to attacks – and risked losing client trust.
Steps to Cyber Essentials Certification
The firm partnered with EAC Network Solutions, a trusted Oxford cyber security provider, to expertly guide them through the certification process. Together, they began tackling the journey by implementing:
- Asset Inventory: The first step was identifying all devices, software, and cloud services used across the firm to gain visibility into potential risks and ensure all endpoints were accounted for.
- Patch Management: EAC introduced a reliable process to keep all operating systems and applications up-to-date. This reduced vulnerabilities and ensured critical security patches were installed promptly.
- MFA Rollout: MFA was implemented across email accounts, cloud platforms, and other key systems, adding an essential layer of protection against unauthorised access.
- Security Policy Development: Clear and practical policies were drafted to cover acceptable use, password management, remote working, and incident reporting.
- Staff Training & Simulations: All team members underwent tailored cyber awareness training, helping them recognise threats like phishing emails and suspicious links.
With expert guidance and a focused team effort, Thames Legal Group achieved Cyber Essentials certification within six weeks.
Results and Business Impact
In addition to achieving Cyber Essentials, the impact was immediate and far-reaching:
- Two new client contracts secured, with prospects citing Cyber Essentials as a deciding factor.
- Staff engagement improved, with employees feeling more confident and aware of security risks.
- IT support tickets dropped by over 30% as patching and access controls reduced recurring issues.
- A credibility boost in tender documents, RFPs, and onboarding processes with new clients.
Lessons for Similar Businesses
If you’re a business in Oxford wondering how to start your own cyber security journey, here’s what Thames Legal Group learnt:
- Start small by beginning with basic policies, regular updates, and simple user training.
- Cyber Essentials is more affordable than you may think, offering SMEs a cost-effective certification to help boost their credibility.
- Strengthening your cyber security is a scalable and sustainable choice that helps you build long-term resilience.
- Your business can earn trust by gaining certification, helping you stand out in proposals and reassuring clients that you’re serious about security.
Ready to Take the Next Step?
Cyber Essentials provided Thames Legal Group with a clear structure for growth, backed by the confidence of their clients.
If you’re based in Oxford and want to strengthen your cyber defences, our comprehensive cyber security solutions can help. Whether you’re just getting started or need support through certification, we offer tailored cyber security that meets your needs.
Book a free consultation with us today to explore how Cyber Essentials could work for your business.
