What is Cyber Essentials?

Integral IT - What is Cyber Essentials?

Share This Post

Cybercrime is everywhere, but how, as a business, how can you begin to start to protect your data online? We recommend getting the Cyber Essentials Certification for every business.

This blog is all about what Cyber Essentials is, the levels of certification, cost and benefits.

So what is it?

Cyber Essentials is a government-funded scheme launched in 2014. It is both simple and effective in helping to protect businesses from cyber-attacks. It is available to companies of all sizes and beneficial to all.

Levels of Certification

Cyber Essentials consists of two different levels of certification.

Cyber Essentials – a self-assessment questionnaire sent off to a cyber essentials assessor. Some belief this not to be very reliable as it is purely self-assessed.

Cyber Essentials Plus – a self-assessment questionnaire and a Cyber Essentials assessor testing the IT network to confirm the correct answers have been provided. This is seen as a more reliable certification as an external assessor ensures the certification.


The basic level certification of Cyber Essentials costs around £350 per annum. Small businesses that require in-house IT knowledge may require assistance via an IT service/company to complete the self-assessment. Therefore, additional fees will stack on top of the standard price.

Cyber Essentials Plus requires £350 for self-assessment, but the independent assessor costs £1200+ depending on the location and size of the business.

If any of the controls are broken or insufficient and fail the assessment, money will need to be spent on them, therefore, adding more costs on top of these prices.

What are the tests?

  • Firewalls and internet gateways
  • Secure configurations
  • User access control
  • Malware protection
  • Patron management

Firewall & internet gateways

The testing in this section looks at the firewalls that protect your network. They need to be robust, correctly set up and configured. This, therefore, provides adequate protection for your network. If you or your employees work from home, routers would’ve been tested, but from January 2022, this has been discontinued as part of the assessment.

Each business computer will be tested to ensure there is a software firewall set up and installed properly as well as working correctly.

Secure Configuration

When a PC is initially installed, they are not usually very secure, and software may already be installed. If this is not removed or maintained, it can become a security risk for the business. If a product is no longer in use but still has software installed, it also must be adequately supported, or it becomes a security risk.

The quality of passwords that access any computer system will also be tested, and it will be made sure that all passwords are unique.

Patching and Updates

Software on computers will be tested; for example, using an old version would fail the assessment as software needs to be as up-to-date as possible. Servers and computers must have the up to date security patches, and any updates should be installed within 14 days.

Personal mobiles must be checked to ensure the latest version of the software is available if any work emails or work data is on them.

Access Control

User accounts on computers can have different levels of access. Standard accounts mean they won’t to be able to install software or change settings; however, with an Admin account, you can do both. However, if a full-access account is hacked, the hacker will also have full access, meaning more damage can be done. Everyone in the business should have standard access to complete day to day tasks, and admin access should be restricted to IT personnel or specific admin tasks.

New starter and new leaver processed will also be checked here. It has been known for old employees to have still access to an old account that has not been deactivated weeks, months and sometimes even years after leaving. This is a security risk.

Malware protection

Hackers create malware to steal/damage company data, so every device in the organisation needs to have robust antimalware protection that has been installed and set up correctly. Ensure anti-virus software is installed, the license is in date, or there will be no protection against new malware threats.

So what are the benefits of having Cyber Essential Certification?

Customer trust

Having this certification shows your customers that your business takes cyber security seriously. This makes your customers and potential customers feel much more protected and know that any data shared with the company is protected.

Pursue new business opportunities

If your business is looking to work with government organisations, local councils or any public sector organisations, you must have a Cyber Essentials Plus certification.

Cyber Security as a business agenda

Cyber security is not an IT issue; it is a business issue.  Everyone in your business should be educated and updated on Cyber security and threats.

Peace of mind

On top of these benefits for your business, you also get the personal benefit of having peace of mind that your business and data are much less likely to fall victim to a cyber-attack.

Because IT is an essential part of business, independent verification is necessary. The future is moving more and more online every day, and IT and Cyber security functions will become entirely separate.

What it Doesn’t cover

Cyber Essentials only covers the bare minimum you should have in place for your cyber security. It cannot offer immunity from any cyber-attacks nor mean that your cyber security is fool-proof.

Many essential IT functions are missing from this that should be put in place; however, as of January 2022, there have been more updates that the government have put in place. There is a blog available here and a YouTube video available here

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

How to use Microsoft to do

The ULTIMATE Microsoft To Do Tutorial

How do you handle your to-do lists? Do you write tasks on scraps of paper? Or do you pop them in a notebook? Perhaps you have a digital application such as Todoist!  If you’re a Microsoft 365 user, you already pay for a task management system! It is called Microsoft To Do.  We all have

Zero Trust Holy Grail

Is Zero Trust Security The Holy Grail OF Cyber Security?

USA president, Joe Biden, thinks that Zero Trust is the way to go in your cyber security journey, but, what is Zero Trust, and what does it mean for your business?  When it comes to your business, I’m sure you’ve got a strategy in place for how you’re going to win new business, market your

Scroll to Top