Governance & Compliance · Cyber Essentials
Five Controls.
Real Protection.
Cyber Essentials is the UK government-backed scheme that protects against the most common cyber threats. It's straightforward, affordable, and increasingly required by clients, insurers, and public sector contracts.
What Is It
The UK's baseline for
cyber hygiene.
Cyber Essentials is a UK government-backed certification scheme developed by the NCSC (National Cyber Security Centre). It defines five fundamental security controls that, when implemented correctly, protect organisations against the vast majority of common cyber attacks.
It's not designed to address sophisticated nation-state threats — it's designed to close the basic gaps that account for the majority of successful cyber incidents: unpatched software, weak passwords, open firewall ports, and misconfigured systems.
For many organisations, Cyber Essentials is the practical first step on a security improvement journey — achievable within weeks, not months, and with a certificate that demonstrates to clients and insurers that you take the basics seriously.
Of Attacks Prevented
The NCSC estimates CE certification prevents around 80% of common cyber attacks.
Technical Controls
Just five focus areas — practical, achievable, and impactful for any size of organisation.
Gov Contract Threshold
Required for all UK government contracts involving handling of personal data or sensitive information.
Certification Levels
Cyber Essentials (self-assessed) and Cyber Essentials Plus (independently verified).
Certification Levels
Cyber Essentials vs Plus — what's the difference?
Both certifications cover the same five controls. The difference is in how compliance is verified.
Self-Assessment
You complete a questionnaire attesting that you meet the five control requirements. Submitted to a certifying body who reviews your answers and issues certification if satisfied.
Independently Verified
Everything in Cyber Essentials, plus an independent technical assessment by a certifying body — including vulnerability scanning and hands-on testing of your systems.
The Five Controls
What Cyber Essentials actually requires
Five technical controls. Each one closing a specific category of common attack. Click to explore what each actually means in practice.
Who Needs It
Cyber Essentials makes sense when you...
It's one of the most accessible security certifications available — here's where it matters most.
Bid for government contracts
Mandatory for UK government contracts involving personal data. Without it, you can't bid — regardless of how good your solution is.
Supply enterprise clients
Large organisations increasingly require CE certification from suppliers as part of their procurement and third-party risk processes.
Want cyber insurance
Many cyber insurers require CE certification or use it to reduce premiums — demonstrating baseline controls reduces your risk profile.
Starting your security journey
CE is the practical first step — addressing the fundamentals before tackling ISO 27001 or more complex frameworks.
Handle personal or sensitive data
If you process personal data on behalf of others, CE demonstrates you have the baseline controls in place to handle it responsibly.
Want to win client trust
Displaying the Cyber Essentials badge tells prospects and clients you've been independently assessed against a recognised UK government standard.
How We Help
From gap to certified in weeks
We handle the preparation — so the certification process is straightforward, not stressful.
Readiness Assessment
We review your current environment against the five Cyber Essentials controls — identifying what's already in place, what's missing, and what needs to change before you submit.
Remediation Support
Where gaps exist, we help you close them — firewall rules, patch status, MFA rollout, malware protection configuration — remotely and efficiently.
Questionnaire Guidance
We guide you through the self-assessment questionnaire — making sure your answers accurately reflect your controls and avoid the common mistakes that lead to failed assessments.
CE Plus Preparation
If you're going for Cyber Essentials Plus, we prepare you for the technical verification — ensuring your systems are ready for the independent scan and assessment.
Annual Recertification
Cyber Essentials certificates last 12 months. We support your annual renewal — reviewing what's changed and keeping your certification current without the scramble.
Pathway to ISO 27001
CE gives you a solid baseline. We can help you build on it towards ISO 27001 — so your compliance journey is progressive, not repetitive.
How It Works
From first conversation to certified
A simple, fast process — typically completed in two to six weeks.
Assess
We review your environment against all five controls and identify exactly what needs to change before you can certify.
Remediate
We help you close any gaps — remotely configuring and verifying controls until you're genuinely ready to submit.
Submit
We guide you through the questionnaire submission to the certifying body — accurately and completely, first time.
Certified
Certificate issued. Badge displayed. We help you plan your annual renewal before it expires.
What You Get
More than just a badge
The certificate matters — but here's what it actually represents.
Government Contract Eligibility
Meet the mandatory requirement for UK government contracts handling personal or sensitive information.
~80% Attack Prevention
The five controls address the most common attack vectors — phishing, malware, ransomware, and exploitation of unpatched systems.
Insurance & Procurement Leverage
Reduce cyber insurance premiums and satisfy supplier qualification requirements from enterprise clients.
Client-Facing Credibility
Display the NCSC-backed badge on your website and proposals — independently verified, not self-declared.
A Foundation for ISO 27001
CE covers several ISO 27001 Annex A controls — your investment in certification isn't wasted as your security programme matures.
Free Cyber Insurance (CE)
NCSC provides free cyber liability insurance (up to £25k) with standard Cyber Essentials certification for eligible UK organisations.
Ready to get certified?
Whether you need to hit a contract deadline or just want to know where you stand, we'll assess your readiness, close the gaps, and get you through certification — fast.