Well, that's a daft idea!
When you look at a company you want to spend money with, for example when going on holiday, it's been well advertised that you don't use a company that is not ABTA accredited, right? And if you do, there's a strong chance you could end up in some sort of difficulty.
So when using a business that is required to hold your personal or sensitive data, would you not ask if they had a similar accreditation to protect your data or, in fact, your money?
My thoughts are that if Cyber Essentials or indeed ISO27001 are not in place, then the people looking at using these companies should be able to make a quick informed decision not to use them.
If this were the case, the push to become accredited would then land in the lap of the companies in question, as they would be watching their potential business walk off and work with an accredited competitor.
What better motivation that would be, rather than a fine that a company wouldn't even bat an eyelid at.
Add value by trend, not stupidity.
Should companies be fined for not doing cyber security basics?