Cyber Essentials: Where to Start

Cyber Essentials is often the first formal cyber security certification UK organisations pursue — and for good reason. It provides clear, government-backed assurance that your business has put essential cyber security controls in place to protect against common attacks.

At Cyber Compliance, we act as a Cyber Essentials Certification Body, guiding organisations through the process from preparation to certification. This article explains what Cyber Essentials is, how it works, and how to get started with confidence.

What Is Cyber Essentials?

Cyber Essentials is a UK government-backed cyber security certification scheme. It confirms that your organisation has implemented baseline cyber security controls that protect against the most common cyber threats, such as phishing, malware, and unauthorised access.

The scheme is overseen by the National Cyber Security Centre (NCSC), the UK’s technical authority for cyber security and part of Government Communications Headquarters (GCHQ).

Cyber Essentials is widely recognised as the minimum acceptable level of cyber security for UK organisations, particularly those working with government, regulated industries, or sensitive data.

The Two Levels of Cyber Essentials

There are two certification levels:

1. Cyber Essentials (Self-Assessment)

  • A verified self-assessment questionnaire
  • Answers are reviewed and marked by a qualified Assessor
  • Suitable for most small and medium-sized organisations

2. Cyber Essentials Plus

  • Includes the same verified self-assessment
  • Plus a hands-on technical audit of systems and devices
  • Provides a higher level of assurance to customers and regulators

What Is a Verified Self-Assessment?

The verified self-assessment is the foundation of Cyber Essentials:

  • A nominated person logs into a secure assessment portal
  • You answer questions about your organisation’s IT systems and security controls
  • A senior representative (director or equivalent) must confirm the answers are accurate
  • A qualified Assessor reviews the submission and issues:
    • Pass
    • Request for more information
    • Fail (with feedback and opportunity to fix issues)

As a Certification Body, Cyber Compliance marks assessments directly and works with you to resolve issues efficiently.

The Five Technical Controls

Cyber Essentials focuses on five core technical controls:

  1. Firewalls – protecting your network perimeter
  2. Secure Configuration – ensuring systems are hardened
  3. Security Update Management – keeping software up to date
  4. Access Control – limiting user privileges appropriately
  5. Malware Protection – preventing and detecting malicious software

All assessment questions map directly back to these controls.

How Long Does Certification Take?

  • Completing the assessment typically takes 1–2 hours if you prepare in advance
  • Assessments are reviewed within 3 working days
  • Certificates are issued immediately upon passing
  • Certification is valid for 12 months

Do You Need Help With Cyber Essentials?

This depends on your IT environment and internal expertise.

Some organisations complete Cyber Essentials independently. Others benefit from professional support to:

  • Understand the requirements
  • Resolve non-compliance issues
  • Avoid delays or failed submissions

As a Certification Body, Cyber Compliance can:

  • Explain assessment questions in plain English
  • Highlight gaps before submission
  • Provide structured support alongside certification

Free Preparation Resources

Before applying, we strongly recommend preparation:

  • Download the Cyber Essentials assessment questions
  • Review the Requirements for IT Infrastructure document
  • Use readiness tools and guidance articles to identify gaps early

Preparation helps avoid unexpected costs or delays later.

Costs of Cyber Essentials Certification

Certification pricing is fixed and based on organisation size:

  • 0–9 employees: £320 + VAT
  • 10–49 employees: £440 + VAT
  • 50–249 employees: £500 + VAT
  • 250+ employees: £600 + VAT

There are no hidden costs if you complete the assessment yourself. Additional costs only apply if you choose professional support or need to upgrade systems to meet requirements.

Cyber Insurance Included

UK organisations with:

  • Turnover under £20 million
  • Full organisational scope included

may qualify for £25,000 of included cyber liability insurance when they certify.

The Cyber Essentials Certification Process

  1. Register and pay for certification
  2. Receive secure portal login details
  3. Complete the self-assessment (save and return anytime)
  4. Director or equivalent signs the declaration
  5. Assessment is reviewed by a qualified Assessor
  6. Fix issues if required and resubmit
  7. Receive your certificate and digital badge

Getting Started With Cyber Compliance

If you’re ready to begin — or just want to understand where you stand — Cyber Compliance can help.

As a licensed Cyber Essentials Certification Body, we offer:

  • Assessment-only certification
  • Guided submissions
  • Support packages for Cyber Essentials and Cyber Essentials Plus

Start your Cyber Essentials journey with confidence — and get it right the first time.

Contact our team today to get started:
📧 info@cybercompliance.org.uk
🌐 https://cybercompliance.org.uk

https://cybercompliance.org.uk/pages/cyber-essentials

https://cybercompliance.org.uk/pages/cyber-essentials-plus

 

Back to blog