What is the Cyber Essentials certification? - Everything You Need to Know

Cyber Security Essentials

Governments today are encouraging companies to focus on protecting their systems and data, especially with the ever-growing number of cyberattacks that pose massive threats to the privacy and security of information. Hence, the UK government created a certification scheme on 5 June 2014 to assist organisations in obtaining the minimum level of cyber security. Cyber Security Essentials is a certificate powered by the UK government, under the supervision of the National Cyber Security Centre (NCSC), that encourages organisations to adopt and optimise cyber security best practices in order to secure their clients’ data. There are two levels of Cyber Security Essentials certificate: Cyber Essentials and Cyber Essentials Plus.

The idea was the result of a collaboration between several parties, such as the Information Security Forum (ISF), the Information Assurance for Small and Medium Enterprises Consortium (IASME), and the British Standards Institution (BSI), who aimed to establish a solid foundation to help organisations secure their data.

In this blog, we will cover everything that your company needs to know about the Cyber Security Essentials certificate and explore the significant benefits of obtaining it.


What is the cyber essentials certification?

The Cyber Essentials certificate is the first level in the program. It is considered a self-assessment practice. Organisations initially self-assess their systems, then fill out an online assessment, which they submit to a Cyber Essentials assessor. Once it is submitted, the assessor provides clear feedback on the areas the organisation needs to focus on to improve its weak spots. At this level, there is no independent validation by a third-party organisation to ensure the strength and correctness of the self-evaluation. This is the reason this certificate was referred to as “mark your own homework” by Dan Raywood.

The price of the Cyber Essentials certificate varies depending on the number of employees within the organisation. According to the National Cyber Security Centre (NCSC), there are four pricing tiers:

  1. Microbusinesses and organisations, which typically have up to nine employees, cost £300 plus VAT.
  2. Small organisations, which range between 10 and 49 employees, cost £400 plus VAT.
  3. Medium organisations, which range between 50 and 249 employees, cost £450 plus VAT.
  4. Large organisations, which include more than 250 employees, cost £500 plus VAT.

It is critical for your company to get clear and objective data when applying for the self-assessment; a self-assessment of your company’s assets and processes also requires a lot of time and effort. At Redsquid, our team of experts can guide you through the certification process, answer all of your questions and assist you in precisely evaluating your systems to achieve the best results, saving your company both time and effort.

What is cyber essentials plus?

The Cyber Essentials Plus certificate is the second level of the program. Although it shares the same principles as the program, it differs in the assessment: the Cyber Essentials Plus certificate involves a validation done by an accredited third-party organisation. In other words, the organisations applying for the certificate do not perform any self-assessments; instead, an accredited third-party organisation performs all the assessments and provides insights and areas for improvement. The Plus certificate includes extra layers of assessment compared with the Cyber Essentials certificate, such as a technical audit of the company’s systems, an external vulnerability assessment, an internal scan, and most importantly, an on-site audit and assessment. Make sure to read our in-depth breakdown of the differences between the Cyber Essentials and Cyber Essentials Plus certificates in our blog.

Cyber Essentials Plus follows the same pricing tiers as Cyber Essentials, priced as follows:

  1. Microbusinesses and organisations, which typically have up to nine employees, cost £1,650 plus VAT.
  2. Small organisations, which range between 10 and 49 employees, cost £2,250 plus VAT.
  3. Medium organisations, which range between 50 and 249 employees, cost £3,250 plus VAT.
  4. Large organisations, which include more than 250 employees, cost £4,000 plus VAT.

How long does cyber essentials certification last?

The main objective of the certificate is to help companies keep up with the latest trends and technologies related to cyber security; hence, the certificate is valid for 12 months only, after which the organisation needs to renew its certification. The IASME removes businesses annually from its list of certified organisations if they do not renew their certificate. They usually send a reminder email to businesses roughly one month prior to the expiration date of the certificate.

Benefits of Cyber Security Essentials

Cyber Security Essentials provides a lot of advantages for organisations that aim to obtain the certificate. Below are four benefits of obtaining the Cyber Security Essentials certificate:

  1. Professionalism: One significant benefit of obtaining the certificate is that it makes your company appear more professional in the eyes of your clients. Since the publication of the certificate, organisations have used it to demonstrate to clients that their data is secure.
  2. Potential business growth: When clients see proof that their data is secure with the company, they naturally feel safer. Obtaining the certificate ensures that your firm can strengthen its relationship with clients, making them feel more confident in your organisation. If utilised properly, the certificate provides you with significant growth possibilities.
  3. Cost savings: Remediating cyberattacks and data breaches may be costly for businesses. Companies can lower the probability of costly security incidents and save money by assembling a team of qualified individuals who are trained to avoid and identify cyberattacks.
  4. Increased productivity: Cyberattacks and data breaches can disrupt business operations and result in downtime. Companies may minimise disruptions and retain productivity by having a team of qualified personnel that can promptly identify and fix security events.

How to get the cyber essentials certification?

The process could vary a little between the Cyber Essentials and the Cyber Essentials Plus certification; however, it is very simple and straightforward, and one of the key points about it is that your organisation can access support at any time during the whole process through the website. The registration process consists of three simple steps:

  1. Purchase the certificate, either Cyber Essentials or Cyber Essentials Plus.
  2. Complete the self-assessment questionnaire.
  3. Receive feedback from the accredited validation body.

Once your company purchases the certificate, you will receive the login credentials that you will use to submit the self-assessment questionnaire, which usually takes a couple of hours to finish. However, it is important to note that once the self-assessment process is initiated, you will have up to three months to complete the questionnaire; otherwise, the questionnaire will be closed and you will need to re-subscribe.

Once everything is done and submitted, you usually receive a confirmation email about the submission, and you can always track the progress of the questionnaire through the members’ area section on the website. Afterward, you will receive a call from the accreditation body to advise you about the next step in the process. The validation usually takes up to a few days, as the accreditation body reviews all the details and information submitted in the questionnaire.

After this, your company will receive an email either with the certificate or with suggestions and the areas of improvement that you will need to work on to meet the minimum requirements.

As a business owner, it is your responsibility to secure the data and information shared within your company’s network. The Cyber Essentials certificate fulfils its aim by safeguarding your system and providing your firm with a significant competitive advantage. At Redsquid, our experts are ready to walk you through the entire process. Our dedicated team will run you through exactly what you need to implement in your business and recommend the best methods and solutions to help you accomplish your objective, so we can help take your business to the next level. Speak to us today to ensure your business stays future-proofed and secure!