Cyber Essentials and Cyber Essentials Plus

What is Cyber Essentials?

Cyber Essentials and Cyber Essentials Plus are certifications that help organisations protect themselves against common cyber threats by implementing basic security controls.

Government-Backed

Developed by the National Cyber Security Centre (NCSC), Cyber Essentials is widely recognised as a trusted standard across organisations of all types and sectors; it is a compulsory requirement for working with the MOD or Government.

Protects Against 80% of Attacks

The five technical controls required by Cyber Essentials protect against the vast majority of common internet-borne cyber attacks including phishing, malware and ransomware.

Win More Business

Achieving Cyber Essentials can help organisations secure more contracts and build trust across their supply chain, making them more appealing to prospective clients.

Free Cyber Insurance

UK-based organisations that achieve Cyber Essentials covering their entire organisation are eligible for free cyber insurance up to £25,000 (conditions apply).

Cyber Essentials

Self-assessment, verified by assessor

Cyber Essentials Plus

Technical audit, hands-on verification

Complements ISO 27001

CE works in tandem with the ISO 27001 standard.

Cyber Essentials vs Cyber Essentials Plus

Cyber Essentials is an online self-assessment that demonstrates your organisation meets key cyber security controls, while Cyber Essentials Plus provides added assurance of independent technical testing to verify the Cyber Essentials controls are applied in practice. You must achieve Cyber Essentials before moving onto Cyber Essentials Plus.

| Feature | Cyber Essentials (CE) | Cyber Essentials Plus (CE+) |
| --- | --- | --- |
| Assessment Type | Self-assessment questionnaire | Independent technical audit |
| Verification | Reviewed by a certification body | Verified through remote testing |
| Level of Assurance | Basic | Advanced (higher level of confidence) |
| Testing of Systems | No direct system testing | Includes vulnerability scans and practical tests |
| Certification Validity | 12 months | 12 months |
| Suitable For | Organisations wanting baseline protection | Organisations needing stronger assurance or handling sensitive data |
| Typical Use Case | Entry-level certification | Often required for higher-risk or sensitive contracts, e.g. MOD & Gov |