Cyber Essentials is one of the most cost-effective ways of bolstering your organisation’s information security.
The UK government-backed scheme is designed to help organisations address common weaknesses without having to spend a fortune overhauling their cyber security practices.
In this blog, we explain the costs involved in Cyber Essentials certification, including consultancy fees, renewal and advancing to Cyber Essentials Plus.
The cost of Cyber Essentials
IASME, the certification body that oversees Cyber Essentials certification, charges £300 plus VAT for an assessment.
However, organisations must also factor in the costs of preparing for the assessment and aligning their practices with the scheme’s five controls:
- Patch management;
- Anti-malware software;
- Access controls; and
- Network configurations.
You can conduct a vulnerability scan to whether you’ve addressed each of these controls adequately and therefore whether you’re ready to seek certification.
Applying the relevant controls won’t be particularly expensive, but they will take time and expertise to embed within your systems and processes.
This is something many organisations overlook when implementing Cyber Essentials, which is why we advise hiring a consultant. If you don’t, you risk failing your certification project and having to start over.
Our Cyber Essentials services provide all the guidance you need.
Whether you need to Get A Little Help or Get A Lot Of Help, our experts will support your certification project, providing the necessary documentation, policies and procedures, and technical assistance.
These packages also cover the IASME assessment fee.
The cost of Cyber Essentials Plus
Organisations seeking a higher level of security should consider Cyber Essentials Plus. The certification process comprises a technical audit of your systems, an external vulnerability assessment, an internal scan and an on-site assessment.
To be eligible, you must complete the audit within three months of your Cyber Essentials certification or complete both assessments simultaneously.
The cost of preparing for Cyber Essentials Plus will vary depending on the size and complexity of your organisation.
You can get an estimate by applying for a quote from IASME. Alternatively, you can use our Cyber Essentials Plus consultancy packages:
Renewing your certification
Cyber Essentials certificates are valid for 12 months, so you are required to review your practices and renew your certification annually.
IASME will email you a month before your certificate expires – but if you use our Cyber Essentials solutions, we will handle the process for you.
Our fully managed service ensures that you’re ready to renew your certificate each year.
The cost of not certifying
A 2020 Ponemon Institute study found that data breaches cost organisations almost £3 million, a sum that could soon put them out of business.
With Cyber Essentials, you can drastically reduce this risk. Organisations that certify to the scheme will prevent 80% of common cyber attacks – including those that tend to cause the most damage, such as malware and ransomware.
But certification isn’t just about preventing disaster; it also comes with business opportunities.
For example, the UK government requires any potential partner to have Cyber Essentials certification, and many other organisations expect the same.
You should anticipate conditions such as this to become the norm over the next few years, as organisations realise the importance of effective information security throughout the supply chain.
The question therefore isn’t so much whether you can afford to certify to Cyber Essentials but whether you can afford not to.
We have a range of options for those who want to learn more about and achieve certification.