Is your business looking to become cyber essentials certified? If so, you might be wondering exactly what cyber essentials really is, and what the process of getting certified involves.
Well, here’s your essential guide to Cyber Essentials. At its heart, Cyber Essentials is designed to help guard your organisation against a wide range of cyber-attacks, as well as demonstrate your commitment to responsible cyber security.
In this article:
- What is Cyber Essentials?
- What are the benefits of Cyber Essentials certification?
- How long does Cyber Essentials certification last?
- Does Cyber Essentials include insurance?
- How can my business become Cyber Essentials certified?
1. What is Cyber Essentials?
Cyber Essentials is a scheme backed by the UK government that helps protect businesses of all sizes, across all sectors, against some of the most widespread cyber-attacks. It provides advice and guidance on preventing attacks, with cyber security measures that all kinds of organisations can implement easily, at low cost.
It’s all about creating a more secure network for businesses, and it protects organisations from 80% of the most common cyber security breaches.
Operated and developed by the National Cyber Security Centre (NCSC), Cyber Essentials certification also lets businesses demonstrate to consumers and clients that they handle data securely and can be trusted with it.
There are two levels of certification:
Cyber Essentials
The basic Cyber Essentials accreditation gives businesses a self-assessment route to certification. It provides protection and advice against common cyber-attacks, giving you peace of mind that the proper defences are in place.
Cyber Essentials is a foundation-level certification scheme, which looks to understand your business’s operations and sets out the basic controls you should have. This significantly reduces your risk from common cyber-attacks, as well as from more in-depth security breaches.
It covers things like:
- Firewalls and routers – for instance, creating a “buffer zone” between your IT network and external networks such as the internet.
- Malware – using anti-malware software to protect against viruses and other malicious software.
- Access – managing access to administrator accounts, so you always know exactly who has access to your data.
- Software updates – keeping devices and trusted apps updated, to protect against known vulnerabilities.
- Security – enabling the most secure settings, with things like password management and removing unused accounts.
Cyber Essentials Plus
Cyber Essentials Plus contains all the advice and guidance found in the basic Cyber Essentials certification, and adds a hands-on technical verification. This consists of an external vulnerability assessment, as well as internal scans and in-person assessments.
It’s the highest level of certification offered, and is essentially a more rigorous assessment of your organisation’s cyber security systems. Instead of guided self-assessment, cyber security experts will help you carry out things like vulnerability tests, helping to protect against hacking and phishing attacks.
Cyber Essentials Plus is a good idea if you need a more in-depth audit of your cyber security controls. For instance, you might have employees that work from remote locations, or multiple third parties with access to your IT systems. It’s also essential for any business that works with sensitive government data or the Ministry of Defence.
2. What are the benefits of Cyber Essentials certification?
There are lots of benefits to Cyber Essentials certification. It allows you to focus on your core business objectives, safe in the knowledge you’re following the best and most up-to-date advice for protecting your organisation against cyber-attacks.
In addition, a Cyber Essentials certification means:
- You can implement basic security controls to prevent the most common cyber-attacks, keeping the approach simple and costs low.
- Customers are reassured that their data and your services are secure.
- You can attract new clients and business partners, who’ll know you have appropriate cyber security measures in place. This is especially important if you work with larger organisations, who’ll seek to reduce third-party risks.
- You gain a clear picture of your business’s cyber security risks, their scope, and how to improve.
- You meet the Cyber Essentials requirement that many government contracts impose.
3. How long does Cyber Essentials certification last?
All Cyber Essentials certificates last for twelve months.
Getting recertified is easy, though; it’s just like having an annual MOT for your cyber security operations. The recertification process is mostly the same as the certification process itself, but as you’ve already done it once, a lot of the information will be repeated.
In terms of timings, you’ll usually receive your updated certification within a few days of submitting your assessment.
If there have been significant changes to your security infrastructure though, do factor in the time it might take to re-do the questionnaire. On the other hand, if there are no major changes, it might just be a case of copying over earlier answers.
4. Does Cyber Essentials include insurance?
Most organisations that achieve Cyber Essentials certification can opt in to cyber liability insurance. This is offered as part of the certification, through the IASME Consortium.
To qualify, you’ll need to fulfil the following criteria:
- Your entire organisation is certified
- Your organisation is based in the UK
- Your annual turnover is less than £20 million
- You opt in to the insurance
This insurance might not be suitable for all organisations though, so check carefully whether it meets your business needs. If you do need separate cyber insurance, many insurers also offer discounts if your business has Cyber Essentials certification, so you might find your premiums are lower anyway.
5. How can my business become Cyber Essentials certified?
If you’re ready to get Cyber Essentials certified, you can do so via the IASME consortium.
Basic Cyber Essentials certification costs between £300 and £500, depending on your business size. After payment, you’ll receive login details for the online assessment platform and can begin your certification process. You’ll have six months to complete this assessment, so don’t wait too long!
For Cyber Essentials Plus, you’ll have to provide more in-depth information about your business to get a quotation. There are various Certification Bodies trained and licensed to perform Cyber Essentials Plus audits, and they will give you quotes for the process.
If you’re not sure whether you’re completely ready for Cyber Essentials yet, there’s also a “Cyber Essentials Readiness Toolkit”. By going through these questions, you can create a personal action plan tailored to your business. This will help you meet the Cyber Essentials requirements when you do start certification itself.