
The Ultimate Guide to Cyber Essentials

Sam · Nov 20, 2025 · 10 min read

Why every UK business needs this government-backed certification, how to pass, and the difference between Standard and Plus.

Cyber Essentials is a UK government-backed scheme that helps you protect your organisation, whatever its size, against a whole range of the most common cyber attacks.

It is becoming the industry standard for trust. If you want to bid for government contracts, it is mandatory. If you want to work with schools or large supply chains (like the MoD or NHS), it is expected.

Why bother getting certified?

  1. Reduce Risk: The controls required for certification stop an estimated 80% of common cyber attacks. See our Cyber Security page for more.
  2. Win Business: It serves as a trust badge. It proves to your prospective clients that you take their data safety seriously.
  3. Lower Insurance: Many cyber insurance providers require it as a baseline, or offer discounted premiums to certified businesses.
  4. Free Cyber Liability Insurance: For UK businesses with a turnover under £20m, certification often includes £25k of free cyber liability insurance (terms apply).

Standard vs Cyber Essentials Plus

Many businesses are confused about the difference between the two badges.

Cyber Essentials (Standard): This is a self-assessment. You answer a questionnaire about your security (e.g., "Do you have a firewall?"). A qualified assessor reviews your answers. If you pass, you get the badge. It is a great starting point.

Cyber Essentials Plus: This is the big one. It involves a technical audit by an external auditor. They will actively scan your network, check your laptops for unpatched software, and try to bypass your email filters. Passing 'Plus' proves you aren't just saying you are secure - you actually are.

The 5 Key Controls

The certification focuses on five technical controls. While they sound technical, they are really just 'digital hygiene'.

  1. Firewalls: Securing your internet connection. Ensuring you aren't exposing your server to the entire world.
  2. Secure Configuration: Changing default passwords (like 'admin/admin') and removing unused software. We automate this with Business Premium.
  3. User Access Control: Ensuring only the right people have access. Crucially, this means not using an 'Administrator' account for day-to-day emailing and browsing.
  4. Malware Protection: Having active, updated antivirus on all devices.
  5. Patch Management: This is the big one where most fail. You must ensure all software (Windows, Office, Chrome, Zoom) is updated within 14 days of a high-risk security fix being released.
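
An added example, not part of the original guide or Fresh Tech's tooling: one way to check a device inventory against the 14-day patch window from control 5. The CSV layout, device names and dates are constructed, and the deadline day itself is assumed to count as in time.

```python
import csv
import io
from datetime import date, timedelta

PATCH_WINDOW = timedelta(days=14)  # window stated in the guide above

# Constructed sample inventory (hypothetical devices and dates).
# installed_on is empty when the fix has not been applied yet.
SAMPLE_INVENTORY = """device,software,fix_released,installed_on
LAPTOP-01,Chrome,2025-11-01,2025-11-03
LAPTOP-01,Zoom,2025-10-20,
LAPTOP-02,Office,2025-11-10,
SERVER-01,Windows,2025-10-01,2025-10-30
"""


def classify(fix_released, installed_on, today):
    """Return (status, days_late) for one high-risk fix on one device."""
    deadline = fix_released + PATCH_WINDOW  # assumption: deadline day is in time
    if installed_on is None:
        if today <= deadline:
            return "pending", 0  # unpatched, but still inside the window
        return "overdue", (today - deadline).days
    if installed_on <= deadline:
        return "compliant", 0
    # Patched now, but applied late: the process missed the window.
    return "patched-late", (installed_on - deadline).days


def gap_report(csv_text, today):
    """Classify every inventory row; worst gaps are listed first."""
    rows = []
    for rec in csv.DictReader(io.StringIO(csv_text)):
        released = date.fromisoformat(rec["fix_released"])
        installed = (date.fromisoformat(rec["installed_on"])
                     if rec["installed_on"] else None)
        status, late = classify(released, installed, today)
        rows.append((rec["device"], rec["software"], status, late))
    order = {"overdue": 0, "patched-late": 1, "pending": 2, "compliant": 3}
    return sorted(rows, key=lambda r: (order[r[2]], -r[3]))


if __name__ == "__main__":
    for device, software, status, late in gap_report(SAMPLE_INVENTORY, date(2025, 11, 20)):
        print(f"{device:10} {software:8} {status:12} {late} day(s) late")
```

The "patched-late" status is kept separate from "compliant" because a fix that was applied after the window still shows the update process is not meeting the requirement.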

Pricing & Tiers

The official cost of the Cyber Essentials assessment is set by the accreditation body (IASME) and is tiered based on the size of your organisation:

  • Micro (0-9 employees): £320 + VAT
  • Small (10-49 employees): £440 + VAT
  • Medium (50-249 employees): £500 + VAT
  • Large (250+ employees): £600 + VAT

Note: This fee is just for the assessment. If you need help fixing gaps or pre-audit consulting, that is where we come in (see our Managed IT Support plans).

How Fresh Tech Helps

Passing the assessment can be daunting. 'Patch Management' alone requires a system to track and update every device you own. We act as your guide. We perform a Gap Analysis pre-audit to find where you would fail. We then fix those gaps (e.g., deploying automated patching tools). Finally, we guide you through the submission process to guarantee a pass.

Find out more about our Cyber Essentials service
