LinkedIn Twitter 01722 411999

What is Cyber Essentials and why should my business get this accreditation?

What is Cyber Essentials and why should my business get this accreditation?

Cyber Essentials is a security accreditation that is available for all businesses to undertake.  It, coupled with its advanced accreditation, Cyber Essentials Plus, are security standards that a business can achieve to show that they take security seriously, which in turn means that other organisations, including the government, and your clients will also know that your organisation takes security seriously.

What is Cyber Essentials?

Cyber Essentials is basically a UK government program that helps businesses protect themselves from everyday online threats. Think of it as a starter kit for cybersecurity—it shows you the basics you need to keep things like phishing, viruses, or hackers at bay. The scheme is run by the National Cyber Security Centre (NCSC) and organised by the IASME Consortium, so you know it’s coming from a trustworthy place. If you’re looking to boost your company’s digital defences, this is a great place to start. 

What is the difference between Cyber Essentials and Cyber Essentials Plus?

 Cyber Essentials

  • Self-assessment: Organisations complete a questionnaire about their cybersecurity practices.
  • Basic assurance: It covers five key technical controls:
    • Firewalls
    • Secure configuration
    • User access control
    • Malware protection
    • Patch management
  • Cost-effective: It's the more affordable option and a good starting point for cybersecurity.
  • No external testing: The answers are reviewed by a certification body, but no hands-on verification is done.

Cyber Essentials Plus

Organisation still has to go through the same sort of assessment questionnaire but it then has the additional steps:

  • Independent verification: Includes all the Cyber Essentials requirements plus a technical audit by a qualified assessor.
  • Hands-on testing: The assessor tests systems for vulnerabilities, including:
    • Simulated phishing attacks
    • Scanning for unpatched software
    • Checking endpoint security
  • Higher assurance: Demonstrates a stronger commitment to cybersecurity and is often required for contracts involving sensitive data or critical infrastructure

How do I let others know our organisation has achieved Cyber Essentials?

 If your organisation achieves Cyber Essentials or Cyber Essentials Plus accreditation, you will be allowed to display the accreditation status on your website and include it in your email signatures.  You organisation will also be searchable in the IASME website to see if it has certification.

You can do this by checking here:  https://iasme.co.uk/cyber-essentials/ncsc-certificate-search/

For example, if you click on the above link and enter our business legal entity name which is ABC Networking Limited, it will show our Cyber Essentials and Cyber Essentials Plus accreditations. 

You can do this for any organisation, helping you determine if a company you are potentially doing business with takes security seriously.

 

Publish Date: Jul 9, 2025

Tags

All Blog Articles