The Complete UK Guide to Cyber Essentials

Everything you need to know about the NCSC-backed scheme, including the 5 technical controls, the difference between standard and Plus, and how to pass on your first attempt.

In an era where ransomware attacks target small businesses just as frequently as massive enterprises, proving that your organization takes cybersecurity seriously is no longer optional. Cyber Essentials is the UK Government-backed, industry-supported scheme designed to protect businesses against the most common cyber attacks.

What is Cyber Essentials?

Operated by the National Cyber Security Centre (NCSC) and delivered by IASME, Cyber Essentials is a certification scheme that helps organizations guard against the most common cyber threats. The scheme focuses on five core technical controls:

  1. Firewalls: Securing your internet connection to prevent unauthorized access.
  2. Secure Configuration: Ensuring devices and software are set up securely (e.g., removing default passwords).
  3. User Access Control: Restricting access to data and services only to those who need it.
  4. Malware Protection: Protecting against viruses, ransomware, and other malicious software.
  5. Patch Management: Keeping software and operating systems up to date with the latest security fixes.

Cyber Essentials vs. Cyber Essentials Plus

There are two levels of certification available. Understanding the difference is critical before beginning the application process.

Cyber Essentials (Basic)

This is a self-assessment certification. You log into a portal, answer a questionnaire about your IT infrastructure, and a board member signs a declaration confirming the answers are true. An assessor then reviews the questionnaire.

  • Self-assessed
  • Lower cost (£320 to £600)
  • Great baseline for SMEs

Cyber Essentials Plus

The Plus certification includes the same technical requirements as the basic level, but requires an independent technical audit. A qualified assessor will actively test your systems to verify that the controls are functioning correctly.

  • Independently verified
  • Higher cost (£1,500 to £3,000)
  • Required for many Government contracts

Why Get Certified?

Beyond the obvious benefit of protecting your business from devastating data breaches, Cyber Essentials provides significant commercial advantages:

  • Win Government Contracts: It is mandatory for bidding on central UK Government contracts handling sensitive information.
  • Supply Chain Requirements: Large enterprises (like NHS Trusts and financial institutions) increasingly demand CE certification from all their vendors.
  • Reduced Insurance Premiums: Many cyber liability insurance providers offer reduced premiums or require CE certification to qualify for coverage.

How Dastute Helps You Pass

Failing the assessment means losing your application fee. Partnering with a Managed IT Service Provider like Dastute ensures you pass on your first attempt.

We conduct a pre-assessment gap analysis of your network, deploy the necessary technical controls (such as Mobile Device Management and Endpoint Detection and Response (EDR)), and guide you through the entire questionnaire process.

Certification FAQs

What is the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials is a self-assessment questionnaire that verifies your business has basic security controls in place. Cyber Essentials Plus includes the exact same requirements, but a qualified external assessor conducts an independent technical audit to verify that those controls are actually functioning correctly.

How much does Cyber Essentials certification cost in the UK?

The baseline cost for the Cyber Essentials self-assessment ranges from £320 to £600 depending on the size of your organization. Cyber Essentials Plus typically costs between £1,500 and £3,000, as it requires an external assessor to perform hands-on technical verification of your systems.

Is Cyber Essentials mandatory for UK businesses?

Cyber Essentials is mandatory if your business bids for central UK Government contracts that involve handling sensitive and personal information. It is also increasingly required by private sector supply chains, insurance providers, and regulatory bodies as a baseline standard for vendor risk management.

Get Certified Without the Headache

Our engineers will perform a gap analysis, secure your network, and ensure you pass your assessment on the first try.