This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here

United Kingdom

Select your regional store:


Cyber Essentials – helping you keep your business secure

Cyber Essentials (CE) is a government-backed cyber security certification scheme that sets out a baseline of cyber security suitable for all organisations. The scheme’s five security controls can prevent “around 80% of cyber attacks”.


There are two levels of certification: Cyber Essentials and Cyber Essentials Plus.


Who is the Cyber Essentials scheme applicable to?

  • Organisations that use Internet-connected systems

  • Organisations that use Internet-connected end-user devices such as computers, mobile phones, printers, tablets, servers and laptops

Skip to the background of the Cyber Essentials scheme.



Five key controls required for both levels of the scheme:

Secure configuration


Boundary firewalls and Internet gateways


Access controls and administrative privilege management


Patch management


Malware protection



With Cyber Essentials you can:

  • focus on your core business objectives, knowing that you're protected from the vast majority of common cyber attacks

  • drive business efficiency, save money and improve productivity through the streamlining of processes

  • reduce your insurance premiums

  • increase your resistance to cyber threats

  • demonstrate to clients, insurers, investors and other interested parties that you have taken the precautions necessary to reduce cyber risks

  • bid for UK Government contracts that involve the handling of personal and sensitive information.


Assessment methodologies for Cyber Essentials and Cyber Essentials Plus:



  • A verified self-assessment questionnaire

  • An external vulnerability scan of Internet-facing networks and applications to verify that there are no known vulnerabilities present

  • This extra scan provides an independently verified view of the organisation's security posture



  • Includes all the assessments for the Cyber Essentials level plus an additional internal scan and on-site assessment to test:

    • the security and anti-malware configuration of each device type

    • patch levels and system configuration

    • whether the organisation's systems are resistant to malicious email attachments and web-downloadable binaries



How much does Cyber Essentials certification cost?

Costs mainly depend on the level of certification you are applying for and the package you need from your certification body – in this case, IT Governance.

Cyber Essentials implementation packages

We have developed three packages to suit your needs when applying for either level of Cyber Essentials certification. The cost of each package depends on your certification level:


Do It Yourself (DIY)

Choose this option if you are comfortable carrying out the necessary preparations yourself, in accordance with the Cyber Essentials scheme’s requirements. With this option, you can submit the self-assessment questionnaire (SAQ) and undertake the assessments once you are ready for certification.

Package includes:

  • The review of your SAQ, the required vulnerability scans and the online certification service.

  • The external and internal vulnerability scans, on-site assessment and the online certification service if you are opting for Cyber Essentials Plus.




Get A Little Help

We recommend this option for organisations that are confident they have the skills to reach Cyber Essentials certification, but need a little guidance to point them in the right direction.

Package includes:

  • Cyber Essentials Toolkit – Receive the necessary customisable policies and procedures to meet the Cyber Essentials requirements. The toolkit offers guidance and pre-written templates.

  • Live Online consultancy – If you need guidance or just peace of mind, help is available from our expert, CREST-accredited team.

  • The review of your SAQ, the required vulnerability scans and the online certification service.

  • The external and internal vulnerability scans, on-site assessment and the online certification service if you are opting for Cyber Essentials Plus .




Get A Lot Of Help

This option is an all-inclusive package for large organisations with complex organisational structures, or organisations that have no prior experience implementing an information security management system.

Package includes:

  • A full-day on-site consultancy service with an expert cyber security practitioner, providing:

    • Guidance on completing the self-assessment questionnaire

    • How to implement the five controls required by the scheme

    • Help defining the scope for Cyber Essentials certification

  • The review of your SAQ, the required vulnerability scans and the online certification service.

  • The external and internal vulnerability scans, on-site assessment and the online certification service if you are opting for Cyber Essentials Plus.




Compare these options side-by-side on our Cyber Essentials scheme solutions page.

Why choose IT Governance for Cyber Essentials certification?

IT Governance is a CREST-accredited certification body. We are proud to have awarded certification to companies including Action for Children, Vodafone, and Airbus Defence and Space Ltd. See the full list of Cyber Essentials certified organisations >>

  • You can conduct the entire certification process online, without any expert cyber security knowledge, with our CyberComply portal.

  • We provide all of the tools and resources needed to achieve CREST-accredited certification at both levels of the Cyber Essentials scheme.

  • We deliver all of the technical tests and assessments, conducted by our experienced, CREST-accredited testers.

  • By choosing a CREST-accredited certification body like IT Governance, you will benefit from the added level of independent verification of your cyber security status provided by an external vulnerability scan. Non-CREST-accredited certification bodies issue certificates purely on the submission of a self-assessment questionnaire, without assessing the status of the client’s networks and applications.


Completely new to Cyber Essentials?

Begin your journey towards certification today – use our very own pocket guide to give you a basic understanding of the Cyber Essentials scheme. Buy your pocket guide today.


The background of the Cyber Essentials scheme

The Cyber Essentials scheme is a key deliverable of the UK’s National Cyber Security Programme. Realising that the controls in its 2012 guide, 10 Steps to Cyber Security, were not being implemented effectively, the government instigated a call for evidence on a preferred cyber security standard. In November 2013, it concluded that no individual standard met its specific requirements, so it developed the Cyber Essentials scheme.

  • Cyber Essentials delivers the basic controls that all organisations should implement to mitigate the risk from common Internet-based threats.

  • The scheme provides a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken essential precautions to secure against the majority of cyber risks.

  • A recent report by the government UK cyber security: the role of insurance in managing and mitigating the risk revealed plans to include Cyber Essentials certification in insurers’ risk assessments for SMEs.

  • Cyber Essentials enables companies to successfully tender for government contracts. View the UK Government’s procurement policy notice here.

The scheme is backed by major industry players including BAE Systems, Lockheed Martin, Barclays and Hewlett-Packard. The Information Commissioner has stated that he “supports the Cyber Essentials Scheme and encourages all businesses to be assessed against it”.

The Cyber Essentials scheme is increasingly popular within the private sector; more than 1,200 organisations have adopted the scheme to date. Insurance firms have recognised that Cyber Essentials certification is a valuable indicator of a mature approach to cyber security and, according to a government report, Cyber Essentials certification can also contribute to the reduction of risk.


Click here to find out which organisations IT Governance has certified >>