03.12.2020 | Michael Fotis | Tags: Cyber Essentials

What is Cyber Essentials?

In this guide to all things Cyber Essentials, we dive into the ins and outs of this Government-backed certification. After reading this guide, you’ll be clear on what Cyber Essentials is, what certification involves, how much it typically costs, and most importantly, if it can help your organisation to turn the tide on the growing cyber security threat.

Launched in 2014, Cyber Essentials is a Government-backed certification scheme operated by the National Cyber Security Centre (NCSC). It’s designed to protect companies, big and small, against the most common cyber attacks, because the truth is that the vast majority of attacks (around 80%) are typically pretty basic in nature. This doesn’t mean that they can’t cause significant damage and interruption, just that they are easy to prevent.

This is where the Cyber Essentials certification scheme comes in. It’s a great starting point when it comes to improving the security posture of your organisation, which is why over 30,000 organisations in the UK have chosen to adopt the scheme.

Does your company need Cyber Essentials?

Most businesses make the decision to become Cyber Essentials certified for a couple of reasons:

  1. Helps to protect your business: First and foremost, Cyber Essentials is designed to help your organisation withstand the majority of basic cyber security attacks. With the threat level growing, it can help to make you more resilient to cyber attacks.
  2. Helps you win more business: Certification is increasingly a requirement when contracting with public sector organisations. It’s also increasingly well-recognised by other customers and a signal that your business is taking cyber security seriously.
  3. Provides a low cost solution: With a range of services and products on the market, Cyber Essentials is a low cost way of strengthening your company’s resilience to cyber threats and clearly demonstrating this to your stakeholders.

 

There’s also an option to have Cyber Insurance included as part of your Cyber Essentials certification at no extra cost (applicable to organisations with a turnover of £20 million or less).

 
What does Cyber Essentials involve?

The Cyber Essentials certification process is relatively straightforward. The key steps are as follows:

  1. Choose a certification body: You’ll need to choose an IASME accredited certification body to evaluate and award you the Cyber Essentials certification (such as Predatech).
  2. Complete the self-assessment questionnaire: Your certification body will provide you with access to an online portal to enable you to complete your questionnaire. Some certification bodies also offer packages that include advice and support. This will help you to understand best practice and fill any gaps.
  3. Questionnaire is reviewed: Once submitted, your certification body will review the questionnaire and provide feedback. Top tip – make sure to ask your certification body how long you’ll have to wait for their review.
  4. Receive a pass, fail or questions: When reviewing your Cyber Essentials questionnaire, the certification body may ask you some clarification questions to help better understand whether you meet the standard required. If you do, you’ll pass! Top tip – look for a certification body that offers a free retest should you not meet the requirements first time around. They should also clearly highlight which questions haven’t met the required standard.
  5. Cyber Essentials certified: Once your organisation has passed the assessment, you’ll be issued with a Cyber Essentials certificate as well as a logo which can be used to help promote this achievement across your sales and marketing materials.
 
What does Cyber Essentials actually help to protect against?

Cyber Essentials emphasises five technical controls as part of the assessment. With these controls in place, your organisation will be better prepared to withstand the majority of cyber threats. These controls are:

  1. Office Firewalls and Internet Gateways: E.g. Are internet connections secured with boundary and host-based firewalls?
  2. User and Administrative Accounts: E.g. Are admin accounts protected? Is access to data and applications appropriately restricted?
  3. Secure Configuration: E.g. What password policy is in place? Is two-factor authentication enabled where applicable?
  4. Malware Protection: E.g. Is antivirus software up to date? Is sandboxing in place?
  5. Software Patching: E.g. Are devices and software up to date?
 
How long does the Cyber Essentials process take?

It’s possible to certify an organisation within a couple of days. However, how long it takes will be heavily dependent on how quickly your organisation is able to complete the self-assessment questionnaire and whether any gaps are identified (and how long it takes for these to be filled). Your certification body should be able to provide a range of support and guidance to help you better understand and implement any requirements.

 
Does Cyber Essentials help with GDPR?

The Information Commissioner’s Office (ICO), which is the UK authority responsible for data protection, has described Cyber Essentials as “a good starting point.” Regulators like the Financial Conduct Authority, the UK’s financial services regulator, have also encouraged adoption of the scheme. And while Cyber Essentials is useful for GDPR, it shouldn’t be viewed as a complete solution for an organisation’s GDPR obligations.

 
What does Cyber Essentials cost?

Most certification bodies offer a range of Cyber Essentials packages, with pricing from £300 up to £1,650.

Predatech offers two competitive fixed price options to help you achieve Cyber Essentials certification. Our assessments are led by a CREST-accredited cyber security professional to help ensure that we deliver a quality service.

 
Cyber Essentials Certification: £290 + VAT

For businesses with some information security knowledge

  • Access to the self-assessment questionnaire
  • Certification incl. logo use
  • 1 free retest
  • Cyber Insurance*
  • Guaranteed 24 hour questionnaire review turnaround
 
Cyber Essentials Certification & Support: £590 + VAT

For businesses with good information security understanding

  • Access to the self-assessment questionnaire
  • Certification incl. logo use
  • 1 free retest
  • Cyber Insurance*
  • Guaranteed 24 hour questionnaire review turnaround
  • Expert advice and support throughout
 
How long does Cyber Essentials last?

Certification lasts for 12 months from the date of issue, which means that you will have to re-certify every 12 months in order to have a valid Cyber Essentials certification.

The recertification process is typically much easier, unless your organisation has had a major change to its IT infrastructure. All companies that hold a valid certification are listed as Cyber Essentials certified on the NCSC website and retain the right to display the Cyber Essentials logo.

 
What is the difference between Cyber Essentials and Cyber Essentials Plus?

The key difference between Cyber Essentials and Cyber Essentials Plus is that Cyber Essentials Plus is audited and includes an internal and external vulnerability scan. This delivers a more in-depth test of an organisation’s security posture, as it will validate a number of controls, for example, whether devices are configured correctly and that up-to-date antivirus software is running.

It’s important to note that before an organisation can achieve Cyber Essentials Plus, it must first achieve Cyber Essentials accreditation.

 
Want to find out more?

Please contact us today for a free consultation or to book your certification.
