4 July 2026
Cyber Essentials is the UK government-backed scheme that helps businesses protect against the most common cyber threats. Here's what it covers, who needs it, and how to get certified.
Cyber Essentials is a UK government-backed certification scheme designed to help organisations protect themselves against the most common cyber threats. It was developed by the NCSC (National Cyber Security Centre) and is managed by IASME on behalf of the UK government.
The scheme covers five technical control areas that, when implemented correctly, protect against the vast majority of commodity cyber attacks — the kind that target businesses opportunistically rather than specifically.
Cyber Essentials certification is mandatory for any UK business that wants to bid for UK central government contracts involving the handling of sensitive or personal information. Beyond government contracts, it is increasingly required by larger organisations in their supplier questionnaires — particularly in sectors like defence, finance, healthcare, and legal services.
Even if it is not required by a client, certification demonstrates to customers and partners that your business takes cyber security seriously. With cyber attacks on small businesses rising year on year, it also provides genuine protection — not just a certificate.
There are two levels of Cyber Essentials certification. Standard Cyber Essentials is a self-assessment — your business answers a questionnaire about your controls, and a Certification Body verifies your answers. Cyber Essentials Plus includes an independent technical verification, where an assessor remotely tests your systems to confirm the controls are genuinely in place.
Most small businesses start with standard Cyber Essentials. CE Plus is required for some government contracts and gives a higher level of assurance to clients.
The certification fee depends on your organisation's size and your chosen Certification Body. For small businesses (fewer than 50 employees), the assessment fee is typically £300–£500 for standard Cyber Essentials. CE Plus typically costs £1,500–£3,000+ depending on the scope and complexity of your IT estate.
Before paying for the formal assessment, it is worth completing a pre-check to understand where your gaps are. Many businesses fail their first assessment because they didn't know about specific requirements — such as MFA being mandatory on all cloud services — until the assessor flagged it.
Our free RADAR_CHECK questionnaire takes around 10 minutes and gives you an instant view of how your business measures up across all five control areas. Book a free 30-minute call with our team and we'll walk you through your results and tell you exactly what to fix before you apply.
// TAKE THE NEXT STEP
Our RADAR_CHECK questionnaire takes 10 minutes. Book a free 30-minute call and we'll walk you through your results and tell you exactly what to fix.
START FREE CHECK >>