Cyber Essentials
Strengthen your organisation's cybersecurity defences by implementing effective controls in five distinct areas. The experts at the National Cyber Security Centre have created this standard to help protect against the most common attacks - and recent research proves it really works in practice.
Security Updates
Prevent cyber criminals using the vulnerabilities they discover in software as an access point to your systems
Malware Protection
Identify and immobilise viruses or other malicious software before it has a chance to cause harm
User Access Control
Who can access your data and services and what level of access they have
Secure Configuration
Minimises the avenues through which a cyber criminal can find a way in
Firewalls & Routers
Creates a security filter between the internet and your network
Why Cyber Essentials?
- Help protect your organisation by putting in place simple and effective measures
- Reassure your customers that you take your IT security seriously
- Attract new business by demonstrating you have appropriate cyber security measures in place
- Gain a clear understanding of your organisation's level of cybersecurity
- Win contracts that require Cyber Essentials certification
- As a bonus, you can get free Cyber Insurance with coverage of £25,000 and access to a 24/7 cyber emergency response team.
About Cyber Essentials
Cyber Essentials is a government backed scheme to help protect organisations, whatever their size and in any sector, against a wide range of common cyber attacks. These attacks come in many forms but the vast majority are very basic and carried out by low skilled individuals. Think of it as the digital equivalent of a burglar trying your front door to see if it is unlocked.
4N6 is part of a national network of licensed certification bodies that assess Cyber Essentials. The scheme as a whole is run by IASME on behalf of the National Cyber Security Centre, which is part of GCHQ.
How We Can Help
Every organisation is different, and so is the kind of support they need when working towards Cyber Essentials certification. Some are keen to get into the technical details, make the necessary changes, and complete the self-assessment on their own. Others prefer a bit more help along the way. That’s why we offer three service levels to support your journey towards Cyber Essentials certification.
We’re proud to be both a recognised Cyber Essentials Certification Body and a Cyber Advisor Assured Service Provider, working alongside the National Cyber Security Centre (NCSC) to help improve cybersecurity for businesses and charities across the UK. By holding both statuses, we’re able to offer the advice and guidance you need to meet the standard which allows you to complete the certification process with confidence.
Our services have been independently assessed through the Cyber Advisor scheme, something only around a quarter of Certification Bodies have achieved. That means you can count on us to provide trusted, cost-effective support that’s designed especially for small and medium-sized organisations. We’ll help you meet the Cyber Essentials requirements, while also strengthening your cybersecurity overall.
Gap Analysis, Remediation Advice & Assessment
Our Cyber Advisor assured service will help you through the whole process of gaining Cyber Essentials certification.
- We'll gather initial information from you, then discuss your current IT systems and ways of working. This will help us identify areas for improvement to meet the Cyber Essentials standards and to improve your security more generally.
- We'll provide remediation advice, guiding you through how to make changes to your systems and policies to meet the requirements.
- We'll assist you in formulating the answers to the self-assessment questionnaire.
We use a collaborative approach to ensure you are ready for certification, helping you successfully pass the assessment. We can get organisations through Cyber Essentials within a few days where you can make the required changes equally as quick. It is usually a more enjoyable process if the improvements take place over a period of 2-3 months.
Support, Pre-check & Assessment
Choose this option if you have a good understanding of the guidance documents and can put in place many of the controls yourself. We'll answer your queries about how to meet the standard, provide guidance on answering the questionnaire and also review your self-assessment responses prior to submission. This level of support is designed for those with technical knowledge who are going through Cyber Essentials for the first time.
Assessment Only
We will answer quick queries about how to meet the standard, but you will be expected to have read and understood the guidance, and complete the questionnaire yourself. The assessment fees are decided by IASME and are subject to adjustment from year to year. We recommend this option only if you are confident you already meet all criteria.
Not sure which option is right for you?
Contact us today to take the first steps to Cyber Essentials accreditation.
Gaining Cyber Essentials Certification: The DIY Route
Review the requirements, guidance and the questions | |
Before 28 April 2025 Cyber Essentials: Requirements for IT Infrastructure v3.1 Cyber Essentials Knowledge Hub | On or after 28 April 2025 Cyber Essentials: Requirements for IT Infrastructure v3.2 |
Put in place any changes necessary to meet the standard | Assess yourself against the requirements and decide what needs to be done. If you need assistance, our Cyber Essentials gap analysis and remediation advice service can help. | |
Submit a questionnaire online for assessment | When arranging the assessment through us, we will endeavour to have your account set up within 24 hours. After submitting the questionnaire, the answers you've provided will need to be approved by someone at the highest level of your organisation. An assessor will then check the answers and get a response back to you, usually within 48 hours. | |
Get your result | If you've passed first time - congratulations! Your certificate will be available electronically and you'll be provided with a digital badge to put on your website. If you don't pass on the first attempt, you have one opportunity to remedy any issues and resubmit your answers within a short timescale. | |
Maintain your certification | Once you've met the Cyber Essentials requirements, we're able to offer you our Cyber Essentials maintenance service. We'll be on hand for any quick cyber security queries throughout the year, including when you're planning on changing your systems or implementing new ones. When it comes time to renew your certification, we'll review the gap analysis, advise on any changes needed and assist you in preparing the annual questionnaire for submission. | |
Micro Organisations (1-9 People)
Gap Analysis, Remediation Advice & Assessment
£660+VAT
Support, Pre-check & Assessment
£510+VAT
Assessment Only
£320+VAT
Small Organisations (10-49 People)
Gap Analysis, Remediation Advice & Assessment
£840+VAT
Support, Pre-check & Assessment
£620+VAT
Assessment Only
£440+VAT
Medium Organisations (50-249 People)
Gap Analysis, Remediation Advice & Assessment
£990+VAT
Support, Pre-check & Assessment
£675+VAT
Assessment Only
£500+VAT
Large Organisations (250+ People)
Support, Pre-check & Assessment
£750+VAT
Assessment Only
£600+VAT
Frequently Asked Questions
It typically takes a few weeks to go through the whole Cyber Essentials process, although if your organisation or its technology is particularly complex it could take much longer.
Many Small and Medium Enterprises achieve Cyber Essentials certification within a month. This involves understanding the requirements of the scheme, identifying where you need to make changes, making those changes and submitting your self-assessment online. After submitting your questionnaire, you'll usually get a response from an assessor within 48 hours.
If you're able to put in place all necessary measures yourself, the assessment costs £320+VAT to £600+VAT depending on the size of your organisation. This is the standard fee charged by IASME and is subject to adjustment from year to year.
Should you need assistance identifying where you may not comply with the requirements and need advice on how to put in place any changes, we offer a gap analysis and remediation advice service starting at only £660+VAT which also includes the cost of the assessment.
After you have completed your online self-assessment, someone from the highest level of your organisation (e.g. Board of Directors) signs a declaration to confirm the assessment answers are true and correct. A Cyber Essentials assessor who works for a licensed certification body will then evaluate the responses against the standard.
In the event you pass, you'll receive your certificate electronically and a digital badge you can display on your website. If the scope of the assessment includes your whole organisation you may also be eligible for free Cyber Insurance with coverage of £25,000 and have access to a 24/7 cyber emergency response team.
If you fail, you'll have an opportunity to re-submit your responses within 2 working days. If you still don't meet the standard, you will receive feedback so you know what areas need to be addressed to improve your cyber security.
Certificates last for 12 months. You'll need to go through a new assessment within this period to maintain your Cyber Essentials certification.
The requirements are:
- Whole organisation included in the scope of Cyber Essentials assessment
- Head Office domiciled in the UK, Jersey, Guernsey or Isle of Man
- Annual turnover under £20 million
- You opt in to the insurance
The insurance provides £25,000 of cover, although this can be increased by speaking to the insurance brokers. The insurers have in place a first response team available 24 hours a day. Further details about the insurance can be found on the IASME Cyber Liability Insurance page.
Yes, absolutely.
Some contracts for Governmental organisations may require you to be Cyber Essentials certified or be able to demonstrate the relevant technical controls are in place. We're now seeing similar requirements appearing in contracts from commercial organisations who want to ensure there are sufficient cyber security measures along their supply chain.
There is a Cyber Essentials Certificate search tool on the IASME website. You can enter the name of an organisation to find any certificates issued to them in the last 12 months.
Cyber Essentials Plus is an audited version of Cyber Essentials. To gain this level of certification you first need to be Cyber Essentials certified then have a Cyber Essentials Plus audit within 3 months. If you're interested in becoming Cyber Essentials Plus certified, please contact us.
The Cyber Essentials scheme standards can be found above. This is comprised of the requirements for IT infrastructure and the questionnaire you'll need to complete. There is plenty of guidance available on the Cyber Essentials Knowledge Hub, and you can always use our Gap Analysis and Remediation Advice service to help you identify where changes are necessary.
The requirements change slightly from year to year and depend mostly on changes to technology and differences in the attack methods cyber criminals use.
Once you've met the Cyber Essentials requirements, we're able to offer you our Cyber Essentials maintenance service. We'll be on hand for any quick cyber security queries throughout the year, including when you're planning on changing your systems or implementing new ones. When it comes time to renew your certification, we'll review the gap analysis, advise on any changes needed and assist you in preparing the annual questionnaire for submission.