Cyber Essentials FAQs

Digital Economy Minister Ed Vaizey is urging companies to adopt a cyber security framework to keep themselves secure from cyber attacks, with the ultimate aim of creating a secure business ecosystem. “Trust and confidence in UK online security is crucial for consumers, businesses and investors. We want to make the UK the safest place in the world to do business online and Cyber Essentials is a great and simple way firms can protect themselves.”

As a Cyber Essentials certification body, IT Governance receives daily inquiries about Cyber Essentials, how companies can achieve the certification, and the scheme’s requirements. Here is a summary of the most frequently asked questions.

  1. Why should we get a Cyber Essentials certificate?
    By achieving the Cyber Essentials certification, your company will benefit from:

    • Protection against around 80% of cyber attacks;
    • Ability to bid for UK Government contracts involving the exchange of information;
    • Improved business efficiency throughout the organisation, saving money and improving productivity;
    • Improved reputation in your industry;
    • Improved relationships with your customers and suppliers – you can now demonstrate their data is securely protected;
    • Reduced insurance premiums.


  2. What is the difference between Cyber Essentials and Cyber Essentials Plus?
    The latter is a more thorough assessment of your company’s security measures. While Cyber Essentials entails the completion of a self-assessment questionnaire verified by an external certification body and an external vulnerability scan (if conducted by a CREST-accredited certification body), Cyber Essentials Plus requires an additional internal assessment and internal scan, conducted on-site by the certification body.

  3. Why do some certification bodies require an external scan in addition to the self-assessment questionnaire?
    CREST-accredited certification bodies know that their clients place greater value on independently verified claims of security and therefore use an additional level of assurance in the form of a technical vulnerability scan.

  4. How long does it take to achieve certification?
    It depends on your current setup and how quickly you can implement the five security controls required by the scheme.

  5. We are already ISO 27001 certified. Should we apply for a Cyber Essentials badge as well?
    While ISO 27001 is seen as a more comprehensive level of assurance, a Cyber Essentials badge can be seen as a core indicator of cyber security, and it may be required by certain clients in addition to ISO 27001 certification.

  6. How can IT Governance help my company obtain the Cyber Essentials badge?
    IT Governance has developed three packaged solutions (a mix of resources and consultancy) based on your expertise, needs and budget. With our basic package, Do It Yourself, you are in control of the entire process and you can get certification for as little as £300. If you require more help, we suggest you choose the Get A Little Help or Get A Lot Of Help packages. They are available for both Cyber Essentials and Cyber Essentials Plus certification.


For any other questions, you can read our Cyber Essentials FAQs page or call us on +44 (0) 845 070 1750.