Cyber security for business

Cyber Essentials scheme


Cyber Essentials is a government-backed cyber security certification scheme. It helps businesses protect their IT systems using five basic technical controls designed to prevent common cyber attacks.

What is the Cyber Essentials standard?

Cyber Essentials sets the minimum cyber security standards for organisations. It covers:

  • firewall protection to block unauthorised access
  • secure configuration to reduce vulnerabilities
  • user access control to manage permissions
  • malware protection to prevent harmful software
  • security updates to keep systems patched and safe

The standards are reviewed annually by experts from the National Cyber Security Centre (NCSC) and IASME (the scheme operator).

Two levels of Cyber Essentials certification

Under the scheme, there are two levels of certification.

1. Cyber Essentials (self-assessment)

To certify, businesses complete a self-assessment questionnaire on the five key controls. A qualified assessor reviews the responses to verify the information provided. Costs start at £320 plus VAT, depending on business size. Certification lasts 12 months and must be renewed annually.

Download your free self-assessment questions and apply online.

2. Cyber Essentials Plus

The higher level of certification includes the self-assessment plus a technical audit of your IT systems by a qualified security assessor. Costs vary depending on the size and complexity of your network. Certification also lasts 12 months and requires annual renewal.

Get a quote for Cyber Essentials Plus certification.

How to prepare for Cyber Essentials certification

Cyber Essentials requirements change yearly to keep the scheme effective against evolving threats. All certifications starting on or after 28 April 2025 use version 3.2 of the NCSC requirements for IT infrastructure.

To certify, businesses first need to check that their IT systems meet the five technical controls as detailed in the requirements document. You can use the IASME Cyber Essentials guidance and readiness tool to assess your current cyber security setup and identify gaps. Based on your answers in the tool, you will receive a tailored action plan with clear steps to help you prepare for Cyber Essentials certification.

Small and medium-sized businesses preparing for Cyber Essentials can also book a free 30-minute consultation with an NCSC-assured Cyber Advisor.

2026 updates to Cyber Essentials requirements

From 27 April 2026, all new assessments will use version 3.3 of the NCSC requirements for IT infrastructure, which introduces stricter rules on cloud services, multi-factor authentication, and software security. If your business currently holds Cyber Essentials certification or plans to apply, review the new requirements now and prepare ahead of the deadline to avoid any compliance issues and keep your systems secure.

Why get Cyber Essentials certification?

Successful certification includes automatic cyber liability insurance for UK businesses with under £20 million turnover (terms apply). Certification will also help your business:

  • improve cyber security and reduce risk
  • build trust with customers, insurers, and investors
  • win more contracts and attract new business

Finally, Cyber Essentials is mandatory for suppliers bidding on certain higher-risk public sector contracts - for example, those involving personal data or sensitive information, or the provision of certain technical products and services. Read the procurement policy note on Cyber Essentials to find out more.