Cyber Essentials is a United Kingdom certification scheme designed to show that an organisation has a minimum level of protection in cyber security, with annual assessments required to maintain certification. It is backed by the UK government and overseen by the National Cyber Security Centre.

CYBER ESSENTIALS

Organisations assess themselves against five basic security controls, covered by around 70 questions, and a qualified assessor verifies that the information provided meets the criteria for Essentials certification.

All the self-assessment questions are available to download for free in advance. Cyber Essentials certification includes automatic cyber liability insurance for any UK organisation that certifies its whole organisation and has less than £20m annual turnover (terms apply).


Why Should I Have Cyber Essentials?

Cyber Essentials certification is a valuable cybersecurity certification for individuals and organisations, particularly in the context of the increasing threat landscape of cyberattacks. Here are several reasons why you might consider obtaining Cyber Essentials certification:

  1. Basic Cybersecurity Assurance: Cyber Essentials is designed to provide a basic level of cybersecurity assurance. It helps ensure that you have implemented essential security controls and practices to protect your systems and data from common cyber threats.
  2. Business Requirements: Some organisations, especially government agencies and larger enterprises, require their suppliers and partners to have Cyber Essentials certification as a prerequisite for doing business. Obtaining this certification can open up new business opportunities.
  3. Customer Trust: Cyber Essentials certification can enhance your organisation’s reputation and build trust with customers and clients. It demonstrates your commitment to cybersecurity and the protection of sensitive information.
  4. Risk Mitigation: Cyber Essentials helps you identify and address cybersecurity vulnerabilities in your organisation, reducing the risk of data breaches and cyberattacks. This proactive approach can save you from potentially costly security incidents.
  5. Legal and Regulatory Compliance: Depending on your industry and location, there may be legal or regulatory requirements related to cybersecurity. Cyber Essentials can help you meet some of these requirements and avoid potential legal issues.
  6. Insurance Premiums: Some insurance companies may offer lower premiums to organisations that have Cyber Essentials certification because it signifies a certain level of cybersecurity readiness.
  7. Third-Party Assessments: If you work with third-party vendors or suppliers, having Cyber Essentials certification can make it easier to assess their cybersecurity practices and ensure they meet your security standards.
  8. Continuous Improvement: The process of obtaining Cyber Essentials certification encourages organisations to continuously improve their cybersecurity posture. It involves assessing and updating security policies and practices to adapt to evolving threats.
  9. Educational Value: Pursuing Cyber Essentials certification can provide valuable education and training for your staff, helping them understand and implement fundamental cybersecurity best practices.
  10. Cost-Effective: Cyber Essentials is relatively affordable and does not require extensive resources to achieve. It can be a cost-effective way to enhance your organisation’s cybersecurity.

While Cyber Essentials certification provides a solid foundation for cybersecurity, it’s important to note that it is not a comprehensive cybersecurity solution. Organisations with more complex security needs may need to complement it with additional certifications or security measures. However, for many organisations, especially small and medium-sized enterprises (SMEs), Cyber Essentials can be an essential first step in improving cybersecurity defenses.


Prices start from £600 + VAT

CYBER ESSENTIALS PLUS

Cyber Essentials Plus is an expansion upon the “Cyber Essentials Verified Self-Assessment” which includes an audit of the organisation's IT systems. All organisations MUST have Cyber Essentials Verified Self-Assessed certification dated within 3 months prior to applying for Cyber Essentials Plus. Please note: Plus packages can include Cyber Essentials Verified Self-Assessment by selecting the bundle option.

Cyber Essentials Plus involves an audit of your system by one of our highly trained assessors. The aim of the assessment is to confirm that all controls that have been declared in Cyber Essentials are implemented on the organisation's network. By undertaking and completing Cyber Essentials Plus, you can declare publicly that your organisation has been proven to meet the baseline security standards set out by Cyber Essentials.

The key elements of a Cyber Essentials Plus audit can be summarised as follows:

  • An assessor will pick a sample of computers at your organisation and perform an audit to ensure that the devices are configured as per the scheme.
  • A vulnerability scan will be performed on these machines to confirm that patching and basic configuration are at an acceptable level.
  • An external port scan of your internet-facing IP addresses will be conducted to ensure no clear and obvious misconfigurations or vulnerabilities can be identified.
  • A test will be conducted on your default email client and internet browser to confirm how well they are configured to prevent the execution of fake malicious files.
  • Screenshots will be taken as evidence that the system is Cyber Essentials compliant.


Should there be any issues identified that require remediation, there is an extended period of 30 days with this package. Failure to complete remediation in this time will result in a fail.

On successful certification of your organisation you will be provided with a certificate that is valid for 12 months from the pass date. Optionally, you may be added to a list of Cyber Essentials certified companies, and you can henceforth advertise your organisation's compliance with the Cyber Essentials Scheme.


A qualified assessor examines the same five controls, testing that they work through a technical audit.

Cyber Essentials certification includes automatic cyber liability insurance for any UK organisation that certifies its whole organisation and has less than £20m annual turnover (terms apply).

CYBER ESSENTIALS PLUS is POA (dependent on company size and locations), but prices start at £2495 + VAT, including the prerequisite Essentials.

Cyber Essentials Plus Certification still has our trademark simplicity of approach. The protections you need to have in place are the same, but this time the verification of your cyber security is carried out via a technical audit.

  • The Basic certification is a prerequisite for Essentials Plus.
  • Physical attendance at the office of the business (or ALL OFFICES, depending on what the business wants to be in scope), which will marry with the basic certification.
  • Plus checks the following:
      • Internal and External Vulnerability Assessment
      • AV test
      • Email Security test
      • Firewall test
      • Policy Review (paper)
      • Policy Review (technical)
      • User Accounts
      • MFA