What is Cyber Essentials and does my business need it?

Published: 25th June 2026

Cyber Essentials is a UK government-backed certification scheme that confirms your business has five core technical security controls in place. Most small and medium businesses benefit from it: it protects against the most common cyber attacks, reassures clients, and is increasingly required to win public-sector and corporate contracts. If you handle client data or bid for work that asks about security, you very likely need it.

Backed by the National Cyber Security Centre (NCSC), Cyber Essentials is designed to be achievable for organisations of any size. Here’s what it covers and how to decide whether it’s right for you.

The five controls Cyber Essentials covers

  • Firewalls: securing the boundary between your systems and the internet
  • Secure configuration: setting up devices and software safely, removing defaults and anything you don’t need
  • Security update management: keeping operating systems and applications patched and supported
  • User access control: giving people only the access they need, with strong authentication
  • Malware protection: defending devices against viruses and other malicious software

Get these five right and you block the large majority of common, opportunistic cyber attacks.

Cyber Essentials vs Cyber Essentials Plus

Cyber Essentials is a verified self-assessment: you complete a questionnaire that’s independently reviewed. Cyber Essentials Plus covers the same controls but adds a hands-on technical audit by a qualified assessor, giving stronger assurance. Many businesses start with Cyber Essentials and move to Plus as client or contract requirements grow.

Does your business need it?

You should almost certainly consider it if any of these apply:

  • You hold client or customer personal data, which means UK GDPR applies to you
  • You bid for public-sector contracts, many of which require Cyber Essentials as a minimum
  • Your customers or partners ask about your security in due-diligence questionnaires
  • You want to reduce the risk and cost of a cyber incident
  • You want lower-cost cyber insurance and an easier renewal

For most businesses with 10 to 100 staff, the answer is yes. The question is simply when, and whether to aim for Plus.

A real example: certification that won a contract

We helped a client become cyber security compliant specifically to meet a customer’s requirements and win a large tender, which directly grew their business. Cyber Essentials is increasingly a commercial enabler rather than just a security tick-box. It can be the difference between making a shortlist and being ruled out.

Why businesses choose First Stop IT for Cyber Essentials

First Stop IT has supported businesses since 2002 and helps clients achieve and maintain certification. Our own credentials include:

  • Cyber Essentials Certified
  • IASME Cyber Assurance (Gold)
  • NCSC Assured Service Provider (Cyber Advisor for Cyber Essentials)
  • Microsoft Partner
  • Crown Commercial Service Supplier (G-Cloud)
  • Quality Principles Certified

As an NCSC Assured Service Provider and Cyber Advisor, we look after more than 2,000 endpoints across 50 companies, we’ve been named a Top 50 UK MSP for three years running, and we support organisations with 10 to 100 employees across Essex, Hertfordshire and London, including Harlow and Bishop’s Stortford.

Book a free Cyber Essentials readiness review

Want to know how close you are to certification? Book a free IT and cyber security review with First Stop IT and we’ll assess your readiness and map out the quickest route to Cyber Essentials.