What is Cyber Essentials?

Integral IT - What is Cyber Essentials?

Share This Post

Cybercrime is everywhere, but how, as a business, how can you begin to start to protect your data online? We recommend getting the Cyber Essentials Certification for every business.

This blog is all about what Cyber Essentials is, the levels of certification, cost and benefits.

So what is it?


Cyber Essentials is a government-funded scheme launched in 2014. It is both simple and effective in helping to protect businesses from cyber-attacks. It is available to companies of all sizes and beneficial to all.

Levels of Certification


Cyber Essentials consists of two different levels of certification.

Cyber Essentials – a self-assessment questionnaire sent off to a cyber essentials assessor. Some belief this not to be very reliable as it is purely self-assessed.

Cyber Essentials Plus – a self-assessment questionnaire and a Cyber Essentials assessor testing the IT network to confirm the correct answers have been provided. This is seen as a more reliable certification as an external assessor ensures the certification.



The basic level certification of Cyber Essentials costs around £350 per annum. Small businesses that require in-house IT knowledge may require assistance via an IT service/company to complete the self-assessment. Therefore, additional fees will stack on top of the standard price.

Cyber Essentials Plus requires £350 for self-assessment, but the independent assessor costs £1200+ depending on the location and size of the business.

If any of the controls are broken or insufficient and fail the assessment, money will need to be spent on them, therefore, adding more costs on top of these prices.

What are the tests?


  • Firewalls and internet gateways
  • Secure configurations
  • User access control
  • Malware protection
  • Patron management

Firewall & internet gateways


The testing in this section looks at the firewalls that protect your network. They need to be robust, correctly set up and configured. This, therefore, provides adequate protection for your network. If you or your employees work from home, routers would’ve been tested, but from January 2022, this has been discontinued as part of the assessment.

Each business computer will be tested to ensure there is a software firewall set up and installed properly as well as working correctly.

Secure Configuration


When a PC is initially installed, they are not usually very secure, and software may already be installed. If this is not removed or maintained, it can become a security risk for the business. If a product is no longer in use but still has software installed, it also must be adequately supported, or it becomes a security risk.

The quality of passwords that access any computer system will also be tested, and it will be made sure that all passwords are unique.

Patching and Updates


Software on computers will be tested; for example, using an old version would fail the assessment as software needs to be as up-to-date as possible. Servers and computers must have the up to date security patches, and any updates should be installed within 14 days.

Personal mobiles must be checked to ensure the latest version of the software is available if any work emails or work data is on them.

Access Control


User accounts on computers can have different levels of access. Standard accounts mean they won’t to be able to install software or change settings; however, with an Admin account, you can do both. However, if a full-access account is hacked, the hacker will also have full access, meaning more damage can be done. Everyone in the business should have standard access to complete day to day tasks, and admin access should be restricted to IT personnel or specific admin tasks.

New starter and new leaver processed will also be checked here. It has been known for old employees to have still access to an old account that has not been deactivated weeks, months and sometimes even years after leaving. This is a security risk.

Malware protection


Hackers create malware to steal/damage company data, so every device in the organisation needs to have robust antimalware protection that has been installed and set up correctly. Ensure anti-virus software is installed, the license is in date, or there will be no protection against new malware threats.

So what are the benefits of having Cyber Essential Certification?


Customer trust


Having this certification shows your customers that your business takes cyber security seriously. This makes your customers and potential customers feel much more protected and know that any data shared with the company is protected.

Pursue new business opportunities


If your business is looking to work with government organisations, local councils or any public sector organisations, you must have a Cyber Essentials Plus certification.

Cyber Security as a business agenda


Cyber security is not an IT issue; it is a business issue.  Everyone in your business should be educated and updated on Cyber security and threats.

Peace of mind


On top of these benefits for your business, you also get the personal benefit of having peace of mind that your business and data are much less likely to fall victim to a cyber-attack.

Because IT is an essential part of business, independent verification is necessary. The future is moving more and more online every day, and IT and Cyber security functions will become entirely separate.

What it Doesn’t cover


Cyber Essentials only covers the bare minimum you should have in place for your cyber security. It cannot offer immunity from any cyber-attacks nor mean that your cyber security is fool-proof.

Many essential IT functions are missing from this that should be put in place; however, as of January 2022, there have been more updates that the government have put in place. There is a blog available here and a YouTube video available here

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

How quickly should you get your IT problems fixed?
IT Security

How Quickly Should Your IT Problems Get Fixed?

IT Problems are probably one of the most frustrating things that can happen within your business. What are you to do when you’ve got deadlines to meet, or you’re working from home and can’t access anything? Are you then expected to contact your IT support and wait? How long should you wait? The answers to

Hackers are Beating Multi-Factor Authentication

Just when your thought your cloud applications were secure by implementing multi-factor authentication, hackers are developing strategies to beat this defence. If you didn’t already know, Multi-factor authentication is an essential part of your IT security for logging into your devices and cloud applications. With multi-factor authentication, you need to enter your username and password

Scroll to Top