What does Cyber Essentials mean?

Cyber Essentials is an accreditation sponsored by the National Cyber Security Centre (NCSC) and promoted by the UK government for UK businesses. It outlines fundamental activities recommended as a baseline for cyber security awareness and protection against attacks on business computing systems and data.


A Guide to Cyber Essentials

Benefits of Cyber Essentials

Cyber Essentials helps protect against common cyber threats and demonstrate your commitment to cyber security.

  • Reassure your clients: Show customers that you are working to secure your IT against cyber attack.
  • Gain a competitive edge: Attract new business with the promise you have cyber security measures in place.
  • Assess your security stance: Gain a clear picture of your organisation's cyber security level.
  • Meet Government requirements: Some Government contracts require the Cyber Essentials certification.

What is Cyber Essentials Plus?

Cyber Essentials Plus has the same requirements as Cyber Essentials; however, Plus is the more thorough, audited version.

It involves an independent auditor, assigned by your certification body, who verifies that the cyber security controls you claimed in your self-assessment are actually in place. This includes sampling a number of your PCs and running penetration tests to ensure compliance. The audit includes: 

  • Internal vulnerability scans to check patches and system configurations.
  • Tests on Internet gateways, public-facing servers, and user devices.
  • External scans of your public-facing infrastructure to check patches and configurations.

Benefits of Cyber Essentials Plus

Plus offers the same core benefits as Cyber Essentials, with an added layer of assurance through a technical audit. The certification demonstrates that your organisation has implemented the five basic controls, which:

  • Prevent around 80% of cyber attacks.
  • Improve supply chain security.
  • Enable you to win new business.
  • Permit you to work with the UK government.
  • Reassure stakeholders that you are committed to securing your and your customers’ data.

Additionally, achieving Cyber Essentials Plus ensures your systems meet the necessary security requirements to bid for Ministry of Defence (MOD) contracts.

Specific Requirements for Cyber Essentials Plus

The scheme specifies five cyber security controls to protect against cyber attacks, covering:

  • Firewalls
  • Secure configuration
  • Access control
  • Malware protection
  • Security update management

By implementing and maintaining these controls, organisations can ensure robust protection of their systems and data from a wide range of security threats.

Why is Cyber Essentials Important?

Cyber Essentials helps businesses to protect against cyber threats, saving time, money, and reputation. In the modern world, it is essential to have a robust stance against cyber threats. The cost of preparation and protection is always much lower than the cost of recovery. Being Cyber Essentials certified can open doors to new opportunities and provide discounts (such as insurance).

Certification offers peace of mind, ensuring defences are in place to protect against common cyber attacks, which often target businesses lacking technical controls.

How does Cyber Essentials Work?

As a business owner, you must review and address the key points in the checklist, adjusting equipment, processes, and training where needed. Once all criteria are met, you apply for accreditation. Cyber Essentials is self-assessed, while Cyber Essentials Plus involves an independent third-party inspection.

What does Cyber Essentials Cover?

The scope of the accreditation can vary based on an organisation’s services, procedures, and staff training related to data and computer use.

Read our article on the details of Cyber Essentials to learn more about the specific requirements.

Cyber Essentials Framework

Cyber Essentials is designed to help businesses of all sizes to fully consider and protect their IT Systems from common cyber attacks, with measures to:

  • Have fully patched software.
  • Identify and address vulnerabilities.
  • Ensure system backup.
  • Educate the whole workforce.
  • Review third-party software before using it.
  • Encourage reporting of suspicions and breaches.
  • Implement plans to promptly deal with a security breach.

Cyber Essentials Costs

The cost of Cyber Essentials certification varies based on the organisation size, ranging from £300 for a micro organisation to £500 for larger businesses. Here is a price breakdown: 

  • Micro organisations (0-9 employees): £320 + VAT.
  • Small organisations (10-49 employees): £440 + VAT.
  • Medium organisations (40-249 employees): £500 + VAT.
  • Large organisations (<250 employees): £600 + VAT.

Additional indirect costs include the time needed to implement and maintain changes to systems and processes. Many businesses will benefit from external support, with fees depending on the level of support required.

Why Invest in Cyber Essentials?

Investing in Cyber Essentials involves both time and financial costs but can save your business more in the long run. In addition, it is a recognised and trusted mark of quality, and essential for working with public service organisations that now require this standard from suppliers.

How to Achieve the Cyber Essentials Certification

Cyber Essentials Checklist:

Flex IT implements the following 10 Steps to Cyber Security as recommended by the National Cyber Security Centre. Our actions build resilience and reduce the risk of damage, loss, or disruption to your IT infrastructure.

10 Steps to Cyber Security

  1. Apply a comprehensive, risk-based approach to system and data management.
  2. Collaborate to build security that works for people in your organisation.
  3. Design, build, maintain and configure infrastructure securely.
  4. Manage and protect remote and mobile worker technology.
  5. Control who and what has access to systems and data (Passwords, Servers, Services, Firewalls, LAN/WAN, Infrastructure and removable media).
  6. Install and maintain layers of Malware prevention.
  7. Monitor to detect incidents and investigate potential weaknesses.
  8. Plan in advance to ensure swift response to and recovery from cyber incidents.
  9. Manage lifecycle vulnerability through updates, user education & IT security reviews.
  10. Supply Chain security.

For more detail on each of the 10 steps to cyber security, read the full article here.

Interested in getting Cyber Essentials certified? Learn more about our Cyber Essentials support service.
