In this article, we will address the most Frequently Asked Questions (FAQs) about Cyber Essentials and Cyber Essentials Plus. From the basics of what Cyber Essentials is, to the certification process and its benefits, we aim to provide comprehensive answers to help you navigate this critical aspect of cyber security.  

Whether you’re a small business owner looking to enhance your security or an IT professional seeking to certify your company’s defences, understanding Cyber Essentials is a vital step in your cyber security journey. By the end of this guide, you’ll have a clearer understanding of how Cyber Essentials can bolster your organisation’s defences, ensuring you stay one step ahead of cybercriminals.  

What is Cyber Essentials?

Cyber Essentials is a UK government-backed certification scheme designed to help businesses protect themselves against common online threats. By achieving Cyber Essentials certification, your organization can demonstrate its commitment to cybersecurity, which can enhance your reputation and trust with customers and partners. 

Why should my business get Cyber Essentials certified?

Obtaining Cyber Essentials certification can help your business protect itself from common cyber threats. It can also provide reassurance to customers and partners that you take cybersecurity seriously. Additionally, some government contracts require Cyber Essentials certification.  

What are the steps to get Cyber Essentials certified?

To get Cyber Essentials certified, you need to: 

1. Choose a certification body. 
2. Complete a self-assessment questionnaire. 
3. Submit your questionnaire for review. 
4. Address any identified issues and resubmit if necessary. 
5. Receive your certification once your submission meets the requirements. 

What is the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials: This is the basic level of certification. It involves a self-assessment questionnaire that you complete and submit for review. It provides a basic level of assurance that your organization is protected against common cyber threats. 

Cyber Essentials Plus: This is a more advanced level of certification. It includes all the elements of the basic certification but also involves an independent, external assessment of your cybersecurity measures. This includes vulnerability scans and user testing to ensure your defences are working as intended. Note: To obtain Cyber Essentials Plus, your organization must first be certified at the basic Cyber Essentials level. 

How much does Cyber Essentials certification cost?

The cost of Cyber Essentials certification can vary depending on the certification body and the size of your organization. Generally, the basic Cyber Essentials certification is less expensive, while Cyber Essentials Plus, which includes an external assessment, will be more costly. It’s best to check with certification bodies for specific pricing. 

How long does it take to get Cyber Essentials certified?

The time it takes to get Cyber Essentials certified can vary. The basic Cyber Essentials certification can often be completed within a few days to a week, depending on how quickly you can complete the self-assessment and address any issues. You have 6 months to complete the basic assessment.  

For Cyber Essentials Plus, the assessment must be completed within 3 months of finishing the basic certification and will take longer to complete than the Cyber Essentials due to the verification element of the assessment.

What types of cyber threats does Cyber Essentials protect against?

Cyber Essentials helps protect against common cyber threats, such as: 

• Phishing attacks

• Malware infections

• Network attacks

• Unauthorised access to systems

By implementing the controls required for certification, your organization can reduce its risk of these and other cyber threats. 

Do we need to renew our Cyber Essentials certification? 

Yes, Cyber Essentials certification is valid for one year. To maintain your certification, you will need to renew it annually. This involves completing the self-assessment questionnaire again and ensuring that your cybersecurity measures continue to meet the required standards. 

How much is the renewal?

The renewal cost is generally the same every year (marginal cost increases annually), this is the same cost you paid for the original certification. Some providers, such as IntaForensics, may apply multi-year discounts or honour previous years costs where possible, this is subject to any significant changes in the business. 

Is the Cyber Essentials Plus more invasive than the Self-Assessment Cyber Essentials? 

The consensus from our clients is that the Self-Assessment aspect is more time consuming and considered the more stressful of the two as the Plus is a validation of the first stage and more labour intensive from our team.   

Strengthen Your Cyber Security with Cyber Essentials 

Cyber Essentials is an invaluable framework for any organization looking to fortify its defences against prevalent cyber threats. By understanding and implementing the principles outlined in this scheme, you can significantly reduce the risk of a cyber-attack.

Ready to take the next step in securing your business? Purchase Cyber Essentials or Cyber Essentials Plus certification through our website or contact out to our team of cyber experts to discuss your organisation’s cyber security protection.