Cyber security for business
Cyber Essentials scheme
Cyber Essentials is a government-backed scheme that details the minimum baseline standard for cyber security. The scheme sets out five basic technical security controls that, when implemented correctly, can protect organisations against a wide range of the most common cyber threats.
The five technical controls cover:
- firewalls
- secure configuration
- user access control
- malware protection
- security update management
All Cyber Essentials certifications started on or after 24 April 2023 will be assessed using the new version of Cyber Essentials requirements.
Under the scheme, there are two levels of certification.
Cyber Essentials self assessment
For this certification, organisations assess themselves against the five basic security controls. A qualified assessor then verifies the information provided.
You can download the self assessment questions for free in advance of your certification, which you can then complete online.
Costs of certification start from £300 plus VAT, depending on the size of your organisation. The certification lasts 12 months and needs to be renewed annually.
Small businesses in certain sectors across the UK can apply to take part in the Funded Cyber Essentials Programme, which provides 20 hours of free remote support from an NCSC-assured cyber security advisor.
Cyber Essentials Plus
This level of certification includes the self assessment questionnaire and requires you to have the same protections in place. However, instead of self-assessing, a qualified assessor will verify the five technical controls through a technical audit of your IT systems.
The cost of this certification will depend on the size and complexity of your network. The certification lasts 12 months and needs to be renewed annually.
Get ready for certification
Guidance is available from the IASME consortium to help you get certified.
You can also use the Cyber Essentials readiness tool to help you prepare for certification.
The tool guides you through a series of questions based on the main parts of the Cyber Essentials requirements. If there are areas where you need to put more controls in place, you will get a link to guidance about how to make those changes.
At the end of this process, you will get a list of actions outlining what steps you need to take to prepare for Cyber Essentials and links to specific guidance on those actions.
Benefits of Cyber Essentials certification
Cyber Essentials certification puts security firmly into focus, which can in turn:
- help to attract new business
- differentiate you from your competitors
- reassure your customers that you take cyber security seriously
- raise your profile with insurers, investors and auditors
Certification also includes automatic cyber liability insurance for any UK organisation that certifies its whole organisation and has an annual turnover of less than £20 million (terms apply).
Finally, having a valid Cyber Essentials certification is mandatory if you intend to bid for central government contracts which involve:
- handling personal and sensitive information
- provision of certain technical products and services