Cyber Essentials is a UK government-backed certification that confirms your business has five basic security measures in place to stop the most common cyber attacks. This guide explains what it covers, who needs it, what it costs and how to get certified.
Cyber Essentials is a UK government-backed scheme — created by the NCSC and run by IASME — that certifies your business has five basic security measures in place. It is designed for ordinary businesses, not security specialists, and it is deliberately achievable for a small team. For the full plain-English walkthrough, read Cyber Essentials, explained.
You're most likely to need it when a customer or insurer asks for it, when you're bidding for a contract that requires it, or when you simply want a credible, recognised way to show you take security seriously. It is mandatory for some UK central government contracts.
Every Cyber Essentials assessment comes back to the same five areas. None of them needs a specialist — most are settings you can check this week. Our five-control checklist walks through each one.
Put these five in place and you've not only earned the certificate — you've genuinely reduced your risk, and you're already part-way through most security questionnaires.
Start wherever your question is. Each guide is a short, plain-English read — and they build on each other as you go.
Understand it
Get certified
Cost & comparisons
The certification fee by business size — and the real cost, which is the time to prepare.
What the "Plus" check adds, when it's worth it, and how much more it costs.
How the two compare, and why one is often a stepping stone to the other.
The measures you put in place here aren't a dead end. They carry across the other things customers ask of you — do the work once, use it everywhere. We're building SecurSentry around exactly that.
Cyber Essentials is a UK government-backed certification scheme that confirms your business has five basic security measures in place to defend against the most common cyber attacks: firewalls, secure settings, access control, malware protection and keeping software up to date.
Any UK business that wants to reassure customers, win contracts that require it, or meet a supplier or insurance condition. It is mandatory for some UK central government contracts that handle personal or sensitive data, and increasingly requested in private-sector security questionnaires.
The certification fee is set by IASME and banded by organisation size, starting from a few hundred pounds plus VAT for a smaller business. The larger cost is usually the time to put the five measures in place and gather evidence — which also counts toward other requirements later.
Cyber Essentials is a verified self-assessment. Cyber Essentials Plus covers the same five areas but adds a hands-on technical test by an external assessor, so it carries more assurance and costs more.