Exciting news: British Assessment Bureau will rebrand as Amtivo in Autumn 2026! Find out more here >>

Cyber Essentials & Cyber Essentials Plus

The UK government-backed cyber security standard and assurance scheme

The Cyber Essentials scheme, set by the UK Government, defines a series of technical controls that help organisations strengthen their IT infrastructure and defend against common cyber threats. The scheme is designed to prevent the most frequent internet-based attacks and ensure that appropriate measures are in place to help protect the confidentiality, integrity, and availability of data on all internet-facing devices. Achieving certification provides peace of mind that your defences can withstand the vast majority of common cyber attacks.

amtivo feefo rating

Request a Quote

Enter your details below to get started.

If you would like to learn about the Cyber Essentials and Cyber Essentials Schemes, the benefits they could bring to your business, you’re in the right place. If you would like to find out more about becoming certified and the costs associated with these schemes, visit our Cyber Essentials and Cyber Essentials Plus Certification webpage. 

43%

Of UK businesses reported having experienced a cyber security breach or attack in the past 12 months*

85%

Phishing was the most common type of breach, reported by around 85% of organisations that experienced an incident*

12%

The percentage of UK businesses reported awareness of the Cyber Essentials scheme*

*Source: gov.uk

What Are The Cyber Essentials & Cyber Essentials Plus Schemes?

Cyber Essentials and Cyber Essentials Plus are UK Government-backed cyber security standards that define a baseline level of protection against common cyber threats. 

They focus on preventing the most common internet-based attacks by ensuring organisations implement appropriate technical controls to help protect systems, networks, and data. 

There are two levels of Cyber Essentials. Cyber Essentials – the entry-level scheme and Cyber Essentials Plus – the advanced level. Both demonstrate a commitment to managing cyber security effectively and adhering to the standards established by the UK Government scheme, although to different extents. 

what-is-cyber-essentials

Cyber Essentials is an affordable, entry-level way to demonstrate that you take cyber security seriously. Cyber Essentials Plus builds on this foundation, providing additional reassurance to clients through independent technical testing.

Cyber Essentials vs Cyber Essentials Plus

 

Feature  Cyber Essentials  Cyber Essentials Plus 
Verification  Self-assessment  Independent assessment
Assurance  Foundational  Advanced 
Typical Duration  1–3 days  3–5 days 
Suitable For  SMEs, entry level  Sensitive or regulated data 
Cost  From £320 + VAT  Quoted individually 
Renewal  Annual  Annual 
Entitled to £25k Cyber Liability Insurance Upon Completion  Eligible  Eligible 

Want to learn more about the certification process? See our Cyber Essentials Certification page. 

Five Controls of Cyber Essentials

Cyber Essentials focuses on five key technical controls designed to prevent the most common cyber attacks, with 80% of organisations reporting it helps mitigate cyber risks and 64% agreeing it improves their ability to identify common cyber attacks: 

  • Firewalls & secure internet connections: Blocking unauthorised access 
  • Secure configuration: Protecting devices and software from misuse 
  • Access control: Limiting who can reach sensitive data 
  • Malware protection: Detecting and preventing malicious software 
  • Patch management: Keeping devices and apps updated 

This is the foundation that Cyber Essentials is built on.

Which Organisations Need Cyber Essentials? 

Cyber Essentials is useful for any organisation looking to improve its cyber security, regardless of size or industry. 

Having Cyber Essentials certification can be particularly beneficial for any organisation looking to protect sensitive data, demonstrate cyber security commitment and enhance their reputation, from small, enterprising service providers to large-scale institutions. 

Importantly, Cyber Essentials involves the entire organisation, not just the IT department, emphasising proactive risk management and leadership involvement in making cyber security a strategic priority. 

Businesses that require a higher level of cyber security assurance can benefit from a Cyber Essentials Plus certification. Speak with our team to find out more. 

Website-Image-Templates-600-X-367-px-Cyber-Ess-UK

Certification Benefits

Your organisation could enjoy many of the benefits that Cyber Essentials / Plus certifications can bring.

Cyber Essentials Benefits

  • Certification gives you peace of mind that your defences will protect against the vast majority of common cyber attacks 
  • Stand out from competitors, retain and win more business 
  • Increased credibility and reputation, customers feel more confident in sharing information with you 
  • Raised awareness of threat with staff reduces risk levels 
  • Improved business continuity management 
  • Tender for contracts with the MOD, NHS, and central government work 
  • Reduce your insurance premiums by reducing your resilience to cyber threats 
  • Drive business efficiencies throughout your organisation which helps improve productivity 

Cyber Essentials Plus Benefits

  • Certification gives you peace of mind that your defences will protect against the vast majority of common cyber attacks 
  • Stand out from competitors, retain and win more business 
  • Increased credibility and reputation, customers feel more confident in sharing information with you 
  • Raised awareness of threat with staff reduces risk levels 
  • Improved business continuity management 
  • Tender for contracts with the MOD, NHS, and central government work 
  • Reduce your insurance premiums by reducing your resilience to cyber threats 
  • Drive business efficiencies throughout your organisation which helps improve productivity 

Why Cyber Essentials Matters For Your Business 

  • It meets government and crucial supply-chain requirements (often a prerequisite for public-sector bids) 
  • It instantly builds trust and credibility with clients and partners 
  • It can significantly reduce the likelihood of common, costly cyber incidents 
  • It is valid for 12 months, providing ongoing, recognised assurance (renewable annually) 

Ready To Get Started?

Cyber Liability Insurance – Included with Cyber Essentials Certification

UK-domiciled organisations with a turnover under £20 million that achieve self-assessed Cyber Essentials certification covering their whole organisation may be entitled to Cyber Liability Insurance at no additional cost.

The cover is underwritten by American International Group UK Limited (AIG) and administered by Sutcliffe & Co Insurance Brokers.

Cover summary – £25,000 total limit of indemnity

Certified organisations have access to a 24-hour helpline to report a cyber incident, providing crisis management and incident response support up to the total liability limit of £25,000.

Cover includes:

  1. Liability: Claims arising out of Digital Media Activities and Security and Privacy Liability
  2. Event Management: Reasonable and necessary legal, IT, data recovery, reputation protection, notification, credit and ID monitoring, and first response expenses
  3. Extortion Threat
  4. Regulatory Investigations: Defence costs and regulatory fines (where insurable by law)
  5. Business Interruption: Loss of profit and/or operational expenses caused by a network compromise
  6. Network Interruption: Reasonable and necessary costs to minimise or reduce the impact of a material network interruption

Exclusions and retentions

A £1,000 excess applies to claims, increasing to £5,000 for claims arising from activities in the USA or Canada. A six-hour Network Interruption retention also applies. Money stolen via electronic means or cyber fraud is not covered under this policy.

The £25,000 limit of indemnity may be sufficient for a small incident but may not be adequate for a serious or complex event, or for multiple incidents. Higher limits may be available upon request.

Full details of what is and is not covered are set out in the policy wording provided upon certification. Organisations are advised to seek guidance from their own insurance broker to confirm that this coverage meets their specific needs.

Cyber Essentials Certification FAQs