What is Cyber Essentials and Why Does It Matter?

Written by Sam Jones
Oct 4, 2019 - 5 minute read

The only government-backed cyber security standard in the UK is worth explaining, so let's get into it: What is Cyber Essentials...

New call-to-action

Last Updated January 2022

Someone, out there, wants your data.

Okay, I lied.

It's not just one person, it's organisations of cyber criminals who want your data.



Whilst I know that's not the assurance you wanted, it's worth stressing my point. These cybercriminals do not care about our personal lives and the destruction they cause.

They only want one thing and that is your data.

If my point hasn't hit home yet, this statistic from the Government's Cyber Security Breaches Survey last year might just give you goosebumps...

Almost half (39%) of British organisations identified a data breach or cyber attack in 2021. Unfortunately, even if you managed to avoid being part of this statistic, the unwavering cyber threat is still coming for your organisation.

Whilst it might sound overly dramatic and more like a zombie apocalypse than Cyber Security, the threat is certainly real. According to Lindy Cameron, the NCSC (National Cyber Security Centre) CEO, now is not the time to be getting complacent.

The truth is, we all need help, whether it is in life or in an organisation, to protect ourselves from the cyber threat which exists in the United Kingdom today.

The good news is, there is help available and it comes in the form of Cyber Essentials.

What is Cyber Essentials?

Cyber Essentials is a cyber security certification that has been designed by the government to make it simple for you to protect your organisation against common cyber threats.

Cyber Essentials requires you to implement five technical controls.

I know, there's a lot of technical phrases which can be incredibly confusing so I've created a simplified infographic for you below:


Cyber Essentials 5 Technical Controls

Nothing too crazy right?

With these five controls in place, Cyber Essentials can begin to address your cyber security issues.

Cyber Essentials and Cyber Essentials Plus

A Cyber Essentials certification shows your clients and customers that you care about your cyber security whereas Cyber Essentials Plus shows you are doing absolutely everything in your control to protect their data.

So how do you achieve Cyber Essentials and Cyber Essentials Plus?

  • For Cyber Essentials, your organisation would need to complete a self-assessment questionnaire online which is then independently reviewed by an external Certification Body, who will award you the certification if you pass.
  • Cyber Essentials Plus has the same requirements as Cyber Essentials, except the system tests are carried out by an external Certification Body.

It's important to know the difference between the two Cyber Essentials certifications as it can help you decide which certification is best for your organisation.

Untitled design (24)(New badges as of 2021)

What is the price of Cyber Essentials?

Cyber Essentials is priced according to a tier-based system, with four organisation bands: micro, small, medium and large.

Screenshot 2022-01-17 at 14.08.36

You may be wondering "Is Cyber Essentials worth it?" and this ultimately depends on your organisation, but even if Cyber Essentials isn't right for your business for whatever reason, there needs to be something in place for your cyber security or you'll be leaving yourselves vulnerable.

However, gaining a Cyber Essentials certification is a great place to start and you're actually getting a lot more from it than just its security benefits for your organisation.

Benefits of the Cyber Essentials certification:

  • As I've mentioned, the cyber threat to your organisation is real and frankly, quite scary. With a Cyber Essentials certification, you reduce this cyber threat by approximately 80%.

  • With a Cyber Essentials certification, you will gain respect and enhance your reputation as your organisation will be seen as one that focuses, prioritise and cares about data. 

  • Without a Cyber Essentials certification, you automatically take yourself out of the conversation for Government contracts, as you are legally required to have Cyber Essentials to be able to bid for contracts that deal with any sensitive information.

There are many benefits that come from Cyber Essentials, click here to see the 10 ways Cyber Essentials could benefit your organisation.

Where can I learn more?

Don't worry, I've got you covered (so does Cyber Essentials!).

The Ultimate Guide to Cyber Essentials will give you peace of mind and ensure every question you've ever had around Cyber Essentials is answered.



Topics: IT, Cyber Essentials, Cyber Essentials Plus, Business Security, Cyber Attack, Cyber Security


More by Sam Jones

Related articles
The Ever Evolving Role of the MSP!

Discover how Managed Service Providers (MSPs) can strengthen cybersecurity with a proactive approach and Cyber Essentials Certification. Learn about the evolving role of MSPs in safeguarding businesses against cyber threats.

Is ISO an alternative standard to Cyber Essentials?

Comparing ISO and Cyber Essentials for cybersecurity standards, this blog delves into their differences and importance in safeguarding against cyber threats.

Is Your Supplier List Your Weakest Link?

Discover why Cyber Essentials certification should be mandatory for suppliers to strengthen supply chain security and mitigate cyber threats. Safeguard your business and gain a competitive advantage.