Cyber Essentials vs Cyber Essentials Plus: What is right for you?

Chloe Ireton

My name is Chloe and I am in charge of all things marketing at Nebula. I started as an apprentice at the start of January 2024, and completed a degree in Graphic Design previously. Outside of work, I love everything to do with motorsports – I try and attend car shows and events as much as possible. Aside from this, I find that being out in nature and walking is very beneficial and allows me to have some time away from the screens.

Published on July 15th, 2024 | Last updated on July 23rd, 2024

As we reported in a recent blog post, the NCSC Cyber Essentials programmes turned 10 years old in June and, after getting off to a slow start, are growing in popularity. They are a certified framework you can follow to help protect your business from cyber threats.

There are two accreditations you can go for: a basic self-certification accreditation, and a heavier-weight version which is independently audited to provide extra credibility.

One question we get asked a lot, though, is: which Cyber Essentials package is right for me? So let’s answer that question now.

Cyber Essentials

Cyber Essentials is the basic package, yet it instils essential security measures into your business. These measures not only significantly reduce the risk of your becoming a victim of cybercrime, but also act as a sales and marketing tool: the Cyber Essentials logo you can display signifies professionalism, data security and quality.

You can self-certify under this form of Cyber Essentials, with a certification fee of between £320 + VAT and £600 + VAT depending on your size.

The technical framework you have to demonstrate that you adhere to is five-pronged, covering:

  • Firewalls
  • Security configuration
  • Security update management
  • User access control
  • Malware protection

Although you can self-certify, we do offer a consulting service on Cyber Essentials to ensure you get it right and achieve the accreditation as seamlessly as possible. This includes producing a detailed plan to show you the next steps necessary to obtain the accreditation, identifying gaps in your posture and the solutions required, and attending board meetings. Find out more.

Cyber Essentials Plus

As we explained earlier, Cyber Essentials Plus follows the same framework of firewalls, security configuration, security update management, user access control and malware protection. But it requires an independent audit to formally sign off your compliance. While this comes with an extra cost, it provides an extra layer of assurance to your stakeholders that you have robust cyber defences.

In fact, if you work in certain sectors, it also unlocks access to MOD supply chains which otherwise would not be available to you.

Again, we can offer you an expert consultation service for Cyber Essentials Plus. It includes a bespoke audit of your business to find any areas vulnerable to cybercrime and fraud, testing internet gateways and servers to ensure public-facing services are as secure as possible, and assessing the vulnerability of both onsite and offsite system configurations, protecting your business further. We will guide you to the finish line of Cyber Essentials Plus. Find out more.

Which is right for me?

As you can imagine, the fees and workload for Cyber Essentials Plus are higher, in return for the greater assurance you get. Cyber Essentials is a great start for most businesses, significantly improving your security posture for very modest fees.

If it is important to you to display even more heightened security, say because you work in a regulated industry like financial services, handle lots of sensitive data, or need access to the MOD supply chain, then the extra costs for Cyber Essentials Plus will be well worth paying for the protection, reputational enhancement and return on investment you can yield.

To make a no-obligation Cyber Essentials or Cyber Essentials Plus enquiry, please complete the form.