Cyber security for business

Cyber Essentials scheme

Cyber Essentials is a government-endorsed scheme that encourages organisations and businesses across the UK to adopt cyber security best practices.

The scheme has been in operation since 2014. It was set up to fulfil two needs:

  • to define a set of security controls organisations should use to reduce cyber risks
  • to provide an assurance framework organisations can certify to

The scheme and certification are suitable for all businesses, of any size and in any sector.

UK Cyber Essentials

The scheme sets out five technical security controls that, when implemented correctly, can prevent around 80 per cent of cyber attacks.

These controls are:

  • boundary firewalls and internet gateway
  • secure configuration
  • access control and administrative privilege management
  • malware protection
  • patch management

Read more about the five security essentials for your business.

Cyber Essentials certification

Under the scheme, there are two levels of Cyber Essentials certification available to your organisation:

  • Cyber Essentials - awarded on the basis of a verified cyber security self-assessment
  • Cyber Essentials Plus - on top of the self-assessment, this requires a further external testing and on-site assessment of cyber security practices

Find out about the different level of certification with Cyber Essentials.

Cyber Essentials cost

Certification is not free. Charges vary, but typically, annual certification will cost smaller companies:

  • between £200 and £400 at basic level certification
  • between £1,000 and £3,000 at the Plus level

If you plan to complete Cyber Essentials Plus, you will have to satisfy the basic Cyber Essentials assessment first, so keep in mind that the costs are cumulative.

Why is Cyber Essentials important?

Cyber Essentials certification raises your overall level of protection by putting security firmly into focus, which can:

  • provide you with a competitive selling point
  • help differentiate you from your competitors
  • enable you to say that your business follows government-endorsed standards
  • raise your profile with insurers, investors and auditors

Read about the benefits of certification.

Cyber Essentials and government contracts

From 1 October 2014, the Cyber Essentials scheme is mandatory for central government contracts which involve:

  • handling of personal and sensitive information
  • provision of certain technical products and services

Read the procurement policy note on the Cyber Essentials scheme.

See also common cyber security measures and learn practical steps to protect your business online.