Guide

Cyber security for business

Cyber Essentials scheme

Cyber Essentials is a government-endorsed scheme that encourages organisations and businesses across the UK to adopt cyber security best practices.

The scheme has been in operation since 2014. It was set up to fulfil two needs:

  • to define a set of security controls organisations should use to reduce cyber risks
  • to provide an assurance framework organisations can certify to

The scheme and certification are suitable for all businesses, of any size and in any sector.

UK Cyber Essentials

The scheme sets out five technical security controls that, when implemented correctly, can prevent around 80 per cent of cyber attacks.

These controls are:

  • boundary firewalls and internet gateway
  • secure configuration
  • access control and administrative privilege management
  • malware protection
  • patch management

Read more about the five security essentials for your business.

Cyber Essentials certification

Under the scheme, there are two levels of Cyber Essentials certification available to your organisation:

  • Cyber Essentials - awarded on the basis of a verified cyber security self-assessment
  • Cyber Essentials Plus - on top of the self-assessment, this requires a further external testing and on-site assessment of cyber security practices

Find out about the different level of certification with Cyber Essentials.

Cyber Essentials cost

Certification is not free. The cost of Cyber Essentials (verified self-assessment) is £300 + VAT. The cost of a Cyber Essentials Plus assessment will depend on the size and complexity of your network.

For specific advice and guidance around costs and certification, you should contact IASME Consortium who have taken over the delivery of the scheme in April 2020. Previously, Cyber Essentials had been delivered through multiple accreditation bodies.

All new certificates issued by IASME will have a 12-month expiry date.

All certificates issued prior to 1 April 2020 or before 30 June 2020 on the existing scheme are valid until 30 June 2021. This includes those issued by Accreditation Bodies other than IASME.

On 30 June 2021, any certificate issued under the old scheme will expire.

Find out more in FAQs about the Cyber Essentials scheme and certification.

Benefits of Cyber Essentials certification

Cyber Essentials certification raises your overall level of protection by putting security firmly into focus, which can:

  • provide you with a competitive selling point
  • help differentiate you from your competitors
  • enable you to say that your business follows government-endorsed standards
  • raise your profile with insurers, investors and auditors

Cyber Essentials scheme is also mandatory for central government contracts which involve:

  • handling of personal and sensitive information
  • provision of certain technical products and services

Read the procurement policy note on the Cyber Essentials scheme.

See also common cyber security measures and learn practical steps to protect your business online.