Cyber Essentials is a UK government-backed scheme that helps organisations protect themselves against the most common cyber attacks. It's affordable, widely recognised, and increasingly required to win contracts - especially in the public sector. Here's what you need to know.
What is Cyber Essentials?
Cyber Essentials is a certification that demonstrates your business has the fundamental security controls in place to defend against around 80% of common cyber attacks. It's backed by the National Cyber Security Centre (NCSC) and designed to be achievable for organisations of any size.
The five technical controls
Certification is based on getting five core areas right:
- Firewalls - securing the boundary between your network and the internet.
- Secure configuration - removing default passwords and unnecessary features that attackers exploit.
- User access control - giving people only the access they need, and protecting admin accounts.
- Malware protection - antivirus and anti-malware on your devices (see endpoint protection).
- Security update management - keeping software and devices patched (see patch management).
Get these five right and you've closed the doors most attackers walk through.
Cyber Essentials vs Cyber Essentials Plus
There are two levels:
- Cyber Essentials - a self-assessment questionnaire, verified by a certification body. Quick and cost-effective.
- Cyber Essentials Plus - everything above, plus a hands-on technical audit by an assessor to verify the controls actually work.
Many organisations start with the base level and move to Plus as customers or contracts demand it.
Why bother getting certified?
- Win business - it's mandatory for many government contracts and increasingly expected in supply chains.
- Reduce risk - the controls genuinely cut your exposure to common attacks.
- Reassure customers - it's visible proof you take security seriously.
- Support compliance - it complements your GDPR obligations.
How to get certified
The process is straightforward with the right help: review your current setup against the five controls, close any gaps, complete the assessment, and submit for certification. Working with an IT support partner makes this far easier - we identify and fix the gaps for you, then guide you through the assessment.
The bottom line
Cyber Essentials is one of the highest-value security steps a UK business can take: low cost, real protection, and a tangible commercial advantage. Pair it with our small business security checklist to cover the rest.
Frequently asked questions
What is Cyber Essentials?
Cyber Essentials is a UK government-backed certification that shows your business has five fundamental security controls in place to defend against common cyber attacks.
What is the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials is a self-assessment, while Cyber Essentials Plus adds a hands-on technical audit by an assessor to verify the controls are genuinely working.
How long does Cyber Essentials certification take?
Many businesses achieve basic Cyber Essentials in a few weeks once the controls are in place. Cyber Essentials Plus takes longer because of the verification audit.
