About Cyber Essentials
Cyber Essentials is a government-backed scheme to help protect organisations, whatever their size and in any sector, against a wide range of common cyber attacks. These attacks come in many forms, but the vast majority are very basic and carried out by low-skilled individuals. Think of it as the digital equivalent of a burglar trying your front door to see if it is unlocked. The scheme is assessed by a national network of licensed certification bodies and delivered by IASME on behalf of the National Cyber Security Centre (part of GCHQ).
Why Cyber Essentials?
- Protect your organisation by putting in place simple and effective measures
- Reassure your customers that you take your IT security seriously
- Attract new business by demonstrating you have cyber security measures in place
- Gain a clear understanding of your organisation's level of cyber security
- Win contracts that require Cyber Essentials certification
If your whole organisation is included in the certification, you may be eligible for free Cyber Insurance with coverage of £25,000 and access to a 24/7 cyber emergency response team. Even with that free insurance, you're far less likely to need it. Insurance industry claims data shows that organisations with Cyber Essentials are 92% less likely to make a cyber insurance claim than those without it.
How we can help
Gap Analysis and Remediation Advice
Using our Cyber Essentials Gap Analysis and Remediation Advice service, we can help you to identify in which areas your organisation does not yet meet the standard and provide guidance on how to put in place the necessary measures. We usually find the vast majority of remediation measures are simply a matter of changing a few settings, updating software or creating more secure passwords.
Assessment Support
When it comes to the assessment, we can also assist you in formulating the answers to the self-assessment questionnaire. Someone at the highest level of your organisation will need to agree that the answers to the questionnaire are true and accurate.
Pre-check
Before you submit the self-assessment questionnaire, we can go through the responses with you to identify any areas where they may fall short of the requirements or where more detail is required.
Frequently Asked Questions
It typically takes a few weeks to go through the whole Cyber Essentials process, although if your organisation or its technology is particularly complex it could take much longer.
Many Small and Medium Enterprises achieve Cyber Essentials certification within a month. This involves understanding the requirements of the scheme, identifying where you need to make changes, making those changes and submitting your self-assessment online. After submitting your questionnaire, you'll usually get a response from an assessor within 48 hours.
If you're able to put in place all necessary measures yourself, the assessment costs £320+VAT to £600+VAT depending on the size of your organisation. This is the standard fee charged by IASME and is subject to adjustment from year to year.
Should you need assistance identifying where you may not comply with the requirements and need advice on how to put in place any changes, we offer a gap analysis and remediation advice service starting at only £660+VAT which also includes the cost of the assessment.
After you have completed your online self-assessment, someone from the highest level of your organisation (e.g. Board of Directors) signs a declaration to confirm the assessment answers are true and correct. A Cyber Essentials assessor who works for a licensed certification body will then evaluate the responses against the standard.
In the event you pass, you'll receive your certificate electronically and a digital badge you can display on your website. If the scope of the assessment includes your whole organisation you may also be eligible for free Cyber Insurance with coverage of £25,000 and have access to a 24/7 cyber emergency response team.
If you fail, you'll have an opportunity to re-submit your responses within 2 working days. If you still don't meet the standard, you will receive feedback so you know what areas need to be addressed to improve your cyber security.
Certificates last for 12 months. You'll need to go through a new assessment within this period to maintain your Cyber Essentials certification.
The requirements are:
- Whole organisation included in the scope of Cyber Essentials assessment
- Head Office domiciled in the UK, Jersey, Guernsey or Isle of Man
- Annual turnover under £20 million
- Organisation opts in to the insurance
The insurance provides £25,000 of cover, although this can be increased by speaking to the insurance brokers. The insurers have in place a first response team available 24 hours a day. Further details about the insurance can be found on the IASME Cyber Liability Insurance website.
Yes, absolutely.
Some contracts for Governmental organisations may require you to be Cyber Essentials certified or be able to demonstrate the relevant technical controls are in place. We're now seeing similar requirements appearing in contracts from commercial organisations who want to ensure there are sufficient cyber security measures along their supply chain.
There is a Cyber Essentials Certificate search tool on the IASME website. You can enter the name of an organisation to find any certificates issued to them in the last 12 months.
Cyber Essentials Plus is an audited version of Cyber Essentials. To gain this level of certification you first need to be Cyber Essentials certified then have a Cyber Essentials Plus audit within 3 months. If you're interested in becoming Cyber Essentials Plus certified, please contact us.
The Cyber Essentials scheme standards can be found below. They comprise the requirements for IT infrastructure and the questionnaire you'll need to complete. There is plenty of guidance available on the Cyber Essentials Knowledge Hub, and you can always use our Gap Analysis and Remediation Advice service to help you identify where changes are necessary.
The requirements change slightly from year to year and depend mostly on changes to technology and differences in the attack methods cyber criminals use.
Once you've met the Cyber Essentials requirements, we're able to offer you our Cyber Essentials maintenance service. We'll be on hand for any quick cyber security queries throughout the year, including when you're planning on changing your systems or implementing new ones. When it comes time to renew your certification, we'll review the gap analysis, advise on any changes needed and assist you in preparing the annual questionnaire for submission.