The Ultimate Guide to Cyber Essentials

Sam
Nov 20, 2025

Why every UK business needs this government-backed certification, how to pass, and the difference between Standard and Plus.

Cyber Essentials is a UK government-backed scheme that helps you protect your organisation, whatever its size, against a whole range of the most common cyber attacks.

It is becoming the industry standard for trust. If you want to bid for government contracts, it is mandatory. If you want to work with schools or large supply chains (like the MoD or NHS), it is expected.

Why bother getting certified?

  1. Reduce Risk: The controls required for certification stop an estimated 80% of common cyber attacks.
  2. Win Business: It serves as a trust badge. It proves to your prospective clients that you take their data safety seriously.
  3. Lower Insurance: Many cyber insurance providers require it as a baseline, or offer discounted premiums to certified businesses.
  4. Free Cyber Liability Insurance: For UK businesses with a turnover under £20m, certification often includes £25k of free cyber liability insurance (terms apply).

Standard vs Cyber Essentials Plus

Many businesses are confused about the difference between the two badges.

Cyber Essentials (Standard): This is a self-assessment. You answer a questionnaire about your security (e.g., "Do you have a firewall?"). A qualified assessor reviews your answers. If you pass, you get the badge. It is a great starting point.

Cyber Essentials Plus: This is the big one. It involves a technical audit by an external auditor. They will actively scan your network, check your laptops for unpatched software, and try to bypass your email filters. Passing 'Plus' proves you aren't just saying you are secure - you actually are.

The 5 Key Controls

The certification focuses on five technical controls. While they sound technical, they are really just 'digital hygiene'.

  1. Firewalls: Securing your internet connection. Ensuring you aren't exposing your server to the entire world.
  2. Secure Configuration: Changing default passwords (like 'admin/admin') and removing unused software.
  3. User Access Control: Ensuring only the right people have access. Crucially, this means not using an 'Administrator' account for day-to-day emailing and browsing.
  4. Malware Protection: Having active, updated antivirus on all devices.
  5. Patch Management: This is the big one where most fail. You must ensure all software (Windows, Office, Chrome, Zoom) is updated within 14 days of a high-risk security fix being released.

Pricing & Tiers

The official cost of the Cyber Essentials assessment is set by the accreditation body (IASME) and is tiered based on the size of your organisation:

  • Micro (0-9 employees): £320 + VAT
  • Small (10-49 employees): £440 + VAT
  • Medium (50-249 employees): £500 + VAT
  • Large (250+ employees): £600 + VAT

Note: This fee is just for the assessment. If you need help fixing gaps or pre-audit consulting, that is where we come in.

How Fresh Tech Helps

Passing the assessment can be daunting. 'Patch Management' alone requires a system to track and update every device you own. We act as your guide. We perform a Gap Analysis pre-audit to find where you would fail. We then fix those gaps (e.g., deploying automated patching tools). Finally, we guide you through the submission process to guarantee a pass.
