With over 30,000+ Cyber Essentials certificates being issued since 2014, the Cyber Essentials scheme is the most in demand cyber security service in the UK market.
It is a popular belief that only certification bodies with a Cyber Essentials assessor can offer Cyber Essentials to the market.
However, this isn't the case at all.
You can add Cyber Essentials to your service portfolio by partnering with an existing certification body to re-sell Cyber Essentials through them.
In 6 simple steps, you can begin offering Cyber Essentials and Cyber Essentials Plus to your clients.
Cyber Essentials will soon be seen as a necessity amongst businesses and your clients know this.
They know they need to begin their cybersecurity journey and there is no alternative for a small or medium business.
I can take an educated guess that this has happened with your business
Your clients have asked you about Cyber Essentials in the past but you've not been able to certify them yourself.
So what happens?
You have to turn them away and send them to a certification body.
You would've loved to have gained that extra revenue but there's nothing you can do as you do not have the ability to certify them yourself.
You may have even had the impulsive thought to become a certification body yourself for this very reason.
But you decided against it.
It's too much work and far too expensive.
But now with the ability to re-sell Cyber Essentials, you do not have to send away that extra revenue. Instead, you can certify all of your clients and make sure that revenue stays with you.
Let's dive deeper into how you can begin re-selling Cyber Essentials and Cyber Essentials Plus.
Before you do anything, you need to verify whether or not there is a demand or need for Cyber Essentials with your existing clients and future prospects.
A very easy way of doing this is asking your clients what they currently do in terms of cyber security. It is likely they are currently relying on their reactive IT Support service for their cybersecurity and if you missed our blog on this, here's why that's a terrible idea.
They might also be convinced they're secure because they've got a firewall or anti-virus solution in place, which again is not the best of ideas.
Here's why.
Tools of this nature are meant to be supplementing a pre-existing strong foundation of cybersecurity.
What is that strong foundation?
Cyber Essentials.
Adopting Cyber Essentials would reduce your client's risk of breach by 80%, this is a great starting point for your client. They can then use these additional tools to bridge the gap from 80% to 100%.
As most certification bodies will only work with you if you can certify 5 or more clients per year, make sure you have a list of at least 5 clients/prospects who are:
1) In need of Cyber Essentials but are not aware of the scheme
2) Currently looking to become certified Cyber Essentials
3) Currently certified with a different certification body but want to change provider
You can check if your client or prospect is already certified by using NCSC's Cyber Essentials Search:
There are many organisations claiming to be IASME certification bodies when in fact, they are re-sellers of Cyber Essentials themselves. This is an important distinction to make so please note:
When you re-sell Cyber Essentials you do not become a certification body. You simply gain access to marketing Cyber Essentials to the market and clients, the process itself is handled by the certification body.
So you do not want to approach a re-seller of Cyber Essentials, you want to approach the IASME certification body themselves. You can do this by choosing from this list of registered certification bodies on the IASME website.
Here you can see the IASME certification body's location and whether they are offering Cyber Essentials Plus.
Certification bodies only offering Cyber Essentials will not allow you to re-sell Cyber Essentials Plus because they do not the facility to do so.
Ideally, you are re-selling Cyber Essentials and Cyber Essentials Plus rather than only re-selling the former.
Why?
The profit you make per sale will be primarily from Cyber Essentials Plus as it is the more expensive certification.
Cyber Essentials on the other hand has a base price of £300 which is the known price amongst consumers. (Of course, you can still charge more than £300 for Cyber Essentials as it is entirely up to you how you price your services)
Additionally, the true value of the Cyber Essentials scheme is Cyber Essentials Plus. Only having Cyber Essentials is similar to staying with the 'Learner' plates on your car.
Now that you've got a list of IASME certification bodies in mind, you need to verify if they offer a re-seller partnership by contacting them or finding the relevant web pages on their website.
If you find your chosen IASME certification bodies do not allow for businesses to re-sell their services, you'll need to go back to the IASME website in step 2 and find different certification bodies.
Look for a Partner Program or Reseller webpage on the Certification Body's website
So now that you have a list of IASME certification bodies that have a partner program for Cyber Essentials Plus, you need to dive deeper into each of their programs.
Here are the four things you need to consider:
I briefly spoke of the retail price of Cyber Essentials earlier but as a re-seller, you need to expect a discount on the standard retail prices.
The Cyber Essentials retail price is £300 with almost all certification bodies, it is likely you can re-sell this for around £600+ depending on how much support you're willing to offer your clients.
Cyber Essentials Plus varies in price. For instance, you will find some of your IASME certification bodies are already charging £2000 for Cyber Essentials Plus. This means you need to purchase Cyber Essentials Plus from them for this price and re-sell it to your clients for more. The problem with this is the high cost, even with a discount, your margins are low.
Ideally, you want to find a certification body providing Cyber Essentials for less than £1400 in order to have a healthy margin.
As I mentioned earlier, each of your clients will be in a different situation regarding their cyber security. You will need help from your certification body in the form of contact, resources and collateral in order to successfully help your clients achieve Cyber Essentials and Cyber Essentials Plus.
Some of the certification bodies on your list may ask you to create your own resources in regards to sales and marketing. This is a preference you'll need to ask yourself whether or not you're comfortable with as you'll need to research into Cyber Essentials extensively to create the materials.
On the other hand, you may find other certification bodies who are far more willing to hold your hand through the process by providing support and resources throughout the way.
Make sure your IASME Certification Body is providing you with sales and marketing collateral
Another key point worth mentioning is whether or not the certification body are going to 100% guarantee that your clients will pass Cyber Essentials.
There are quite a few certification bodies who will sell Cyber Essentials to you knowing that you're not in a position to pass it.
Why?
They want you to fail so they can charge you the full price for Cyber Essentials again.
This provides a horrible experience for your clients as they would end up spending a lot more than what they were originally quoted.
So how do we know if your clients are guaranteed to pass?
Most certification bodies will have a service which offers a significant amount of help and guidance - hence guaranteeing a pass. As long as you're re-selling this solution, achieving Cyber Essentials should be a smooth experience for your clients.
Also, you want to ask your certification body if they'll scan your network for any vulnerabilities before being assessed for Cyber Essentials Plus.
In this way, you'll know exactly what you need to fix in order to pass Cyber Essentials Plus. Most certification bodies will call this service a 'Pre-assessment' or a 'Cyber Essentials Plus Pre-Scan' and you can usually re-sell this service onto your clients too so they'll know they're going to 100% pass Cyber Essentials Plus.
Is your chosen Certification Body guaranteeing client success?
You'll need to assess whether your chosen IASME Certification Body has the people and processes in place behind the scenes to ensure that re-selling Cyber Essentials is a seamless experience for both you and your customer.
Ask yourself these three questions to determine their reliability:
1) What do other companies say about this certification body?
2) Do they have a proven track record of certifying organisations?
3) Do they come across as professional and will they stick to their word?
You've now got a clear picture of what each organisation can do for your business. You'll need to ask yourself which of the four factors is the most important factor in regards to a re-seller partnership.
For instance, would you be happy with a reputable certification body providing Cyber Essentials Plus at £1300 but offering no support or guidance?
Or...
Would you be happy with a certification body providing Cyber Essentials Plus at £800 but they can't guarantee whether your clients are going to pass after they pay?
Ideally, you'd want a Certification Body that offers a balance of all four, once you have this, you can move on to the final stage of providing your clients and prospects Cyber Essentials Plus.
Choose the Certification Body with the best balance
Now it is your job to show your clients that they need Cyber Essentials Plus in their organisation.
Assuming your chosen IASME certification body has provided you with the resources and collateral to re-sell Cyber Essentials Plus, it should be an easy process from here!
Choosing an IASME Certification Body can be difficult, as I've mentioned earlier, there's a multitude of factors to consider.
Here at Cyber Tec Security, we have an established re-seller program which will enable you to: