Skip to main content

The Cyber Essentials and Cyber Essentials Plus framework was originally developed by the UK’s National Cyber Security Centre to help businesses become more aware and secure against cyber-attacks and data breaches from technology systems.

By holding Cyber Essentials accreditation you are telling your current and prospective customers, clients and suppliers that you take cyber security seriously and are actively implementing measures to put your organisation in a much more secure position against cyber threats and information risks.

It’s easy to get started – Cyber Essentials certification has been designed to be light-weight and easy to follow. More information and a downloadable self-assessment questionnaire can be found here:

What are you assessed against?

The following five security controls might appear quite daunting to smaller businesses but many of the security measures required for accreditation are low-cost and, in some cases, may already be in place, or not yet applied or realised.

  • Firewalls - Ensuring you have sufficient protection for your devices and networks from Internet-based threats.

  • Secure configuration - Changing all default passwords, removing redundant accounts and setting up device locking etc.

  • Security update management – Ensuring all hardware and software is kept up to date and that patches are implemented in a timely manner.

  • User access control – Giving users access only to the resources and data necessary for their roles.

  • Malware protection – Protecting against threats such as viruses and other malicious code on all your devices.

What does Cyber Essentials Plus involve?

Cyber Essentials Plus still has the same simplicity of approach and the protection you need to put in place are the same, but a hands-on technical verification is carried out.

There are local businesses that can assist, provide consultancy and conduct assessments so there is no necessity to bring a company over.

Why should you get Cyber Essentials?

Certified cyber security

  • Reassure customers that you are working to secure your IT against cyber attack
  • Attract new business with the promise you have cyber security measures in place
    • You're able to publicise your organisations accreditation on your website/social media etc
  • You have a clear picture of your organisation's cyber-security level

Accreditation and funding

Accreditation lasts for 12 months before another assessment is required. This might seem quite a short amount of time, however, technology and security threats move and adapt quickly so it is important that you can prove you have kept your controls up to date. Some assessors may offer a renewal discount for successive years for returning customers.

Once accredited, you may even be eligible for 12 months of free cyber insurance (terms & conditions apply). To find out more about the Cyber Essentials and Cyber Essentials Plus accreditations, please visit:

As part of the Department for Enterprise’s Business Improvement Scheme (BIS), you may be eligible for a 50% funding grant (up to £5,000) to gain accreditation. To find out more about the BIS, please visit:

Downloadable Documents

Cyber Essentials Infographic (PDF)