Cyber Essentials scheme
Introduction to Cyber Essentials, a UK certification scheme that helps businesses protect themselves against cyber threats.
Cyber Essentials is a government-backed cyber security certification scheme. It helps businesses protect their IT systems using five basic technical controls to prevent common cyber attacks.
What is the Cyber Essentials standard?
Cyber Essentials sets basic cyber security standards for all organisations. It covers:
- firewall protection to block unauthorised access
- secure configuration to reduce vulnerabilities
- user access control to manage permissions
- malware protection to prevent harmful software
- security updates to keep systems patched and safe
The National Cyber Security Centre (NCSC) and IASME (the scheme operator) review these standards every year.
Two levels of Cyber Essentials certification
Under the scheme, there are two levels of certification.
1. Cyber Essentials (self-assessment)
To certify, businesses complete a questionnaire on the five key controls. A qualified assessor reviews the responses to verify the information provided. Costs start at £320 plus VAT, depending on business size. Certification lasts 12 months and must be renewed annually.
Download free self-assessment questions and apply online.
2. Cyber Essentials Plus
The higher-tier certification includes the self-assessment plus a technical audit of your IT systems by a qualified security assessor. Costs depend on your network size and complexity. Certification also lasts 12 months and requires annual renewal.
Get a quote for Cyber Essentials Plus certification.
Cyber Essentials requirements for IT infrastructure
Cyber Essentials requirements are updated yearly so that the technical controls keep pace with current risks. Certifications starting on or after:
- 28 April 2025 - use version 3.2 of the NCSC requirements for IT infrastructure
- 27 April 2026 - use version 3.3 of the NCSC requirements for IT infrastructure
Updates adjust how you meet each of the five controls. For example, version 3.3 adds more stringent rules on cloud services (under secure configuration), multi-factor authentication (under access control), and software security. Review the latest NCSC requirements each year before certifying.
How to get Cyber Essentials certified
To certify, check your setup with the free IASME readiness tool. Based on your answers, you will receive a tailored action plan to help you prepare for certification. You can also book a free 30-minute consultation with an NCSC-assured Cyber Advisor and access IASME's Cyber Essentials guidance for more information.
If you already hold a Cyber Essentials certification and need to renew it, review updated requirements early to avoid any compliance gaps and ensure your certification stays valid.
Benefits of Cyber Essentials certification
Certification gives automatic cyber liability insurance to UK businesses with under £20 million turnover (terms apply). It also helps your business:
- reduce cyber security risk
- build trust with customers, suppliers and investors
- win more contracts and attract new business
Cyber Essentials is also mandatory for some public sector suppliers handling personal data or providing certain technical products and services. Read the government procurement policy note to find out more.