If you are starting to look at cyber protection for your business, then the UK Government backed Cyber Essentials scheme is a great place to start.
In fact, these are excellent standards to consider, wherever you are on your journey – at North Green, we go through the annual process for both Cyber Essentials and Cyber Essentials Plus.
But what exactly is Cyber Essentials? In this blog, we look at the certification standards, what they cover, and the cost involved.
What is Cyber Essentials?
Cyber Essentials and Cyber Essentials Plus are two certifications that companies can use to demonstrate their commitment to implementing cyber security best practices.
Both certifications are backed by the UK government and focus on providing organisations of all sizes with guidance on the steps they should take to protect against a cyber attack.
Cyber Essentials accreditation can help you:
- reassure customers that you are working to secure your IT against cyber attack.
- attract new business with the promise you have cyber security measures in place.
- give a clear picture of your organisation’s cyber security level.
- grow business, as some Government contracts require Cyber Essentials certification.
Cyber Essentials (Basic)
The Cyber Essentials certification is a self-assessment questionnaire that helps organisations review and improve their cyber security posture.
The questionnaire covers five key areas of cyber security:
- firewalls
- secure configuration
- user access control
- malware protection
- patch management
Once you complete the Cyber Essentials questionnaire and submit your responses for review, you will receive a Cyber Essentials certification if your answers meet the required standard.
At this point, any organisation with a turnover of less than £20 million that has included the whole organisation in the scope of its assessment will get automatic cyber liability insurance valued at £25,000, provided by Sutcliffe & Co Insurance Brokers.
This is free of charge and can be used toward the cost of:
- a technical incident response team to help identify the issue and restore systems and data.
- a legal team to deal with any litigation or regulatory issues, such as a breach of the Data Protection Act.
- crisis management and PR support to assist with communication management.
Your Cyber Essentials certification will last for 12 months, so you will need to repeat the process annually to retain the standard.
Cyber Essentials Plus
Cyber Essentials Plus is a more rigorous certification process, which involves an external party conducting an assessment of your cyber security posture.
In addition to the self-assessment questionnaire, a certified assessor will perform vulnerability scans and simulated attacks on your organisation’s systems to identify any potential weaknesses. The assessor will then provide a report with recommendations for improvement, and your organisation will receive a Cyber Essentials Plus certification if it meets the required standard.
This is conducted by a certification body that has been approved by IASME. It demonstrates that your organisation’s cyber security measures are not just theoretical or paper-based, but are actually implemented, functioning correctly, and able to stand up to a real-world attack.
Companies working toward Cyber Essentials Plus must have completed their self-assessment questionnaire within the three months prior to applying.
Just as with Cyber Essentials, certification is valid for 12 months.
How much does Cyber Essentials cost?
The Cyber Essentials self-assessment questionnaire may be downloaded at any point free of charge.
The pricing for Cyber Essentials certification starts at £300 (excl VAT) for micro-sized organisations, with the cost increasing on a sliding scale, based on company size, to reflect the complexity involved in assessing larger organisations:
- Micro organisations (0-9 employees): £300 + VAT
- Small organisations (10-49 employees): £400 + VAT
- Medium organisations (50-249 employees): £450 + VAT
- Large organisations (250+ employees): £500 + VAT
Because the Cyber Essentials Plus assessment involves technical experts, there is no standard pricing – instead, it is quoted on an individual basis. Businesses can only charge the assessment rate set by IASME and the UK Government for the certification aspect; however, the time taken to conduct the assessment and the supporting consultancy can vary in price.
If you are looking to secure your organisation and want advice from our team of experts, get in touch and we can provide guidance on the appropriate steps to take. Our team are certified Cyber Essentials and Cyber Essentials Plus assessors and hold the Cyber Advisor (Cyber Essentials) qualification, demonstrating our commitment to providing appropriate and valuable advice.