Cyber Essentials.
Done properly.
The UK government-backed certification that protects your organisation against the most common cyber attacks. Guided by our NCSC Cyber Advisor, from gap to certified.
Not optional. Not for long.
Cyber Essentials is a UK government-backed certification scheme that helps protect your organisation against a whole host of cyber attacks. It verifies that five core technical controls are in place.
In 2025, 43% of UK businesses reported suffering a cyber attack, and yet many business owners, heads of charities and senior managers are not sufficiently informed about the support available to them.
Cyber Essentials is dependable, and in some cases indispensable. It is increasingly required by government contracts, funders, prime contractors and clients who are discerning about their supply chain. Cyber Essentials Plus encompasses all the benefits of the standard certification, with the additional advantage of a technical
verification carried out by an accredited professional.
43%
of UK businesses reported a cyber attack in 2025
Why get certified
Protection from common attacks
The five controls defend against
phishing, malware, ransomware and
credential theft.
Win government contracts
CE is mandatory for all UK government
contracts involving personal or sensitive
data.
Access MOD supply chain
CE Plus is required for MOD contracts,
tenders and DEFCON 658 compliance.
Meet funder requirements
Grant-making bodies and local
authorities increasingly require CE for
charities.
Stand out from competitors
Certification distinguishes you from
organisations with no accreditation at all.
Cyber insurance benefits
Many insurers offer better premiums and
terms to CE certified organisations.
Cyber Essentials.
Cyber Essentials Plus.
Two levels of the same government-backed certification. The right one depends on what you need it for.
Cyber Essentials
- Covers the five core technical control areas
- Gap assessment before submission — no surprises
- Guidance from our NCSC Cyber Advisor throughout
- Policy templates and implementation checklists
- Certificate valid for 12 months, issued by IASME
- Meets most government, funder and client requirements
Cyber Essentials Plus
- Bespoke audit of your organisation’s security posture
- Internet gateways and servers tested for vulnerabilities
- On-site and off-site system configuration assessment
- Vulnerability assessment of your full environment
- Required for MOD contracts, DEFCON 658 and prime
- contractors
- Stronger evidence for insurance and supply chain audits
- Greater competitive differentiation and peace of mind
Three simple packages. One goal.
All packages delivered by our NCSC Certified Cyber Advisor. Keep threats out, keep business running.

CoreProtect
Understand where you stand.
WHAT’S INCLUDED:
- Up to two 1:1 calls with our NCSC Certified Cyber Advisor
- RAG Assessment. Red/amber/green review against Cyber Essentials
- Recommended actions to improve compliance
- Follow-up Q&A to address challenges and clarify next steps

SecurePlus
Step-by-step to certification.
WHAT’S INCLUDED:
- Four calls with our NCSC Certified Cyber Advisor
- RAG Assessment. Red/amber/green review against Cyber Essentials
- Step-by-step guidance to meet all five control requirements
- Policy templates and implementation checklists
- Pre-assessment review of your questionnaire
- A personalised implementation plan

TotalDefense
Full-service. Assessment included.
WHAT’S INCLUDED:
- Everything from SecurePlus
- On-site RAG assessment with device review
- Detailed remediation plan based on technical scans
- 8-week programme with weekly check-in calls
- Cyber Essentials assessment fee included
If the contract asks for it,
we’ll get you there.
MOD Supply Chain
CE Plus is required for MOD contracts. We understand the defence supply chain, timelines, and what prime contractors expect from their supply base.
Charities & Non-Profits
rant-making bodies and local authorities increasingly require CE as a condition of funding. We help charities meet funder deadlines, including fast-track certification.
SMEs & Professional Services
Growing businesses supplying into larger organisations are increasingly required to hold CE. Get certified before a client asks, not after the contract is at risk.
Things people ask us first
The questions that come up in almost every first conversation. If yours isn’t here, we’d rather you ask.
How long does Cyber Essentials take?
2–4 weeks for CE with reasonable existing controls. CE Plus typically 4–8 weeks. Our TotalDefense package runs as an 8-week programme. We can work to tight funder deadlines when needed.
What’s the difference between CE and CE Plus?
CE is a self-assessed questionnaire verified by an accredited assessor. CE Plus adds independent technical verification of your actual systems, including internet gateway and server testing, and on-site and off-site configuration assessment. CE Plus is required for MOD
contracts.
Do we need CE Plus for MOD contracts
Yes. CE Plus is required for MOD supply chain contracts and DCC (Defen compliance. We perform the bespoke audit, test gateways and servers, and guide you through the full technical verification process.
Something to protect
Our Managed IT service is designed for teams that can’t afford downtime, data loss, or a failed audit.
Not sure how resilient your
organisation actually is?
Book a free 30-minute Cyber Resilience Check with our cyber team. We will walk through your current posture, ask you the right-of-boom questions that most organisations haven’t considered, and give you an honest picture of where you stand. No sales pitch. No technical jargon.

