Cyber Essentials: what is it and why do you need it

cyber background on screen

What is cyber essentials and why do you need it?

The Cyber Essentials scheme popped up more than a few years ago, but take-up increased when the GDPR was implemented in 2018. There are two versions of Cyber Essentials: the standard scheme or Cyber Essentials Plus. Both provide guidelines to help small to medium businesses and larger organisations protect themselves against cyber threats. 

There are a number of benefits to the Cyber Essentials certification. SMEs in particular may be considered easy targets for hackers and, given the small cost involved, the returns can demonstrate that Cyber Essentials certification is a worthwhile investment.

Your own business protection

There’s no guarantee that you can be protected against all cyber attacks. Large organisations may have incredibly sophisticated processes and protections in place but can still fall victim to a malicious attack, and this shows that there is no foolproof system. As mentioned above, hackers may also specifically target SMEs. You may think that it won’t happen to you, but hackers don’t necessarily go for large scale organisations. This is because they will require more time to hack, be higher profile and could simply be seen as more effort. Instead, they often go for smaller companies and use automated attacks to identify and exploit vulnerabilities. 

Cyber Essentials will provide you with a certain level of protection and security. If this is your first step in protecting your business, then it is an important one and without it, you have much higher risk and exposure.

Demonstrate you are a reputable and trustworthy company that prioritises security

More and more organisations are becoming cyber-savvy. This means that they are either understanding the protection they need to take themselves or they are looking for their suppliers to have appropriate security set-up. When a prospective client is looking at their options, having Cyber Essentials certification will help to demonstrate that you understand the importance of data security and that you prioritise it. KPMG has carried out a survey on cyber risk and small business reputation, which found that 94% of procurement managers say cyber security standards are important when awarding a project to an SME supplier. Furthermore, the survey also found that of small businesses who responded and who had experienced a breach, 89% stated it had impacted on their reputation.

Increase your available opportunities

As mentioned above, having Cyber Essentials certification can improve your reputation. As a result, you may be eligible for more opportunities to grow your business by being part of the scheme. Having the certification is increasingly becoming a standard requirement for many contracts, and this isn’t just in the public sector. UK Government contracts will now require Cyber Essentials as a minimum level for your data security systems, and many private businesses are following suit.

Reduce your insurance premiums

There are insurers who offer incentives to having Cyber Essentials. For example, some provide lower premiums while others will reduce your excess to £0 if an attack were to occur and you would need to use your cyber insurance. These can all help the certificate to pay for itself.

What next?

If you have decided you need the Cyber Essentials or Cyber Essentials Plus certification, then give us a call and we can get this set up for you. We understand that if you are pitching for a tender or piece of work where this is required, then you may need to get the certificate quickly. If this is the case, call us and we can get going on it immediately. 

Should you still be unsure as to whether you should get Cyber Essentials certified then we have a question for you. If you were hacked tomorrow, what would you do? Fixing a hack could be pretty expensive as you may need your server restored, your data needs to be checked, you may have to report this to the ICO, all of your systems would need to be reviewed and in the process, you could lose clients who are concerned about how this happened and if it will happen again. All of the above is likely to cost a lot more than the cost of the certificate. While you might think this won’t happen, it simply isn’t worth the risk.

How the certificates work

Hopefully, you have now decided to go ahead and get a Cyber Essentials certificate, whether it is the standard certificate or the more detailed Plus iteration. If you go for the standard certificate, one of our team will provide you with a portal link and login credentials. You will then complete a Cyber Essentials self-assessment online. We can support you in completing it if you are uncertain about any of the questions. We will help if you need help understanding anything on the Cyber Essentials checklist. The time it takes to complete the assessment will vary depending on whether you know all of the answers! For some, you may need to check with others in your organisation, but if you want to be fully prepared then you can read the Government’s guidelines on Cyber Essentials. We have had some clients who have finished the full assessment in a few hours.

Once you have submitted your self-assessment, we will be notified and it will be reviewed within 24 hours. If you have passed, you will be able to download your certificate immediately.

With Cyber Essentials Plus, there is still a self-assessment questionnaire to complete but you will also have a technical audit of your systems, an external vulnerability assessment, internal scan and an on-site assessment. 

If you are unsure which certificate is right for you, then we can help advise you. We would recommend the Cyber Essentials Plus certificate if: 

  • Your business needs a more in-depth assessment of your processes and systems
  • A number of your employees work remotely (obviously with the pandemic this is the case at the moment so consider whether this is likely to last for the foreseeable future)
  • Whether any third parties have access to your premises or IT systems

Get Cyber Essentials certified

Hopefully, we have persuaded you to get the Cyber Essentials certificate to keep your business and reputation safe. We can help you get this set up and processed quickly as we understand that data security should always be a priority. Our company offers high-quality and professional IT support to businesses in Essex and London. Whether you are a small start-up in a local town like Brentwood, a family business or multi-million-pound organisation, we can provide you with the data security and IT support you need.


You have always provided us with an amazingly fast and efficient service at a very reasonable cost, going about your work in a very approachable and polite manner. It makes a huge difference and gives us a great sense of security to know that you guys are always on call and available to work through issues that come up.

Tom Lacey, Lacey & Saltikov Architects

Get in touch