The Cyber Essentials scheme is supported by the government and is intended to make online businesses in Wales safer. The scheme is designed to protect against cyber threats for small and large organisations.
The Cyber Essentials accreditation is an excellent starting point for businesses that want to enhance online protection. By implementing the Cyber Essentials scheme guidelines, businesses can decrease the risks of up to 80% of common cyber threats.
There are two types of Cyber Essentials accreditation: Cyber Essentials and Cyber Essentials Plus.
Cyber Essentials Certification
What is Cyber Essentials?
Cyber Essentials is a standard set of protocols designed to help businesses mitigate common cyber threats like malware, phishing, ransomware, and network attacks. This scheme has a standard level of accreditation that is self-assessed and covers the 5 key controls:
- Access Control
- Firewall and Internet Gateways
- Security Measures
- Software Patching
Achieving Cyber Essentials Accreditation
While the accreditation is self-assessed, an authoritative figure, often the business owner, must perform the assessment. Before gaining accreditation, all answers must be correct, and a declaration must be signed.
By achieving the Cyber Essentials Accreditation, businesses can protect themselves against basic cyber attacks, demonstrate their trustworthiness to customers, and show a serious commitment to cyber security.
Cyber Essentials Plus Certification
What is Cyber Essentials Plus?
Cyber Essentials Plus accreditation is the top-level cyber security certification the Cyber Essentials scheme offers. It substantially upgrades to the standard Cyber Essentials accreditation and requires hands-on technical assistance from accredited members.
What does Cyber Essentials Plus involve?
The Cyber Essentials Plus scheme includes many physical tests by the assisting expert, and passing the qualification demonstrates that your business has high cyber resilience protocols.
The process involves testing a variety of security measures. From your end-user devices, sample sets are chosen, and tests are carried out. These tests include testing your antivirus, performing vulnerability scans, testing your email and web protection, account separation, and that multi-factor authentication is turned on for your cloud services.
Achieving Cyber Essentials Plus Certification
By achieving the Cyber Essentials Plus certification, businesses demonstrate a clear commitment to cyber security and can display the Cyber Essentials Plus trust badge on the website. This can help partners and customers become more trusting of your business and increase confidence to share sensitive data. The passing of the scheme may also help contribute towards winning business tenders, as Cyber Essentials accreditation is a crucial factor for many businesses’ supply chain requirements within Wales.
Why Cyber Essentials Is Important?
Cyber Essentials is important for any business. Small, medium or large, your business is always at risk of a cyber-attack. If a cyber-attack were to occur, the entire supply chain would likely experience the attack too. Cyber Essentials isn’t just protecting your business from cyber threats; it’s also helping protect your supply chain. Working with a supplier with Cyber Essentials qualifications demonstrates they understand what it takes to stay proactive and minimise cyber threats.
Additionally, the cost of a cyber-attack can permanently harm a small business. In 2022, the cost of a cyber attack on small businesses equated to £4,200 and increasingly rose to £19,400 for medium to large businesses in the same year. Having Cyber Essentials Plus certification can reassure businesses that working with your business is safe.
Cyber Essentials accreditation is vital in 2023, and in combination with cyber security training, businesses can minimise the chances of error by human risk.
Is Cyber Essentials certification difficult?
The standard Cyber Essentials accreditation can be challenging if you’re unaware of basic cyber security guidelines. However, the Cyber Essentials Wales scheme is designed to be achievable for businesses of all sizes and industries.
When assessing through us, we can offer guidance on any questions and assistance for any technical queries. The ‘Requirements for Infrastructure‘ document provided by the NCSC includes excellent information regarding the question set and other security measures for small and medium businesses to help gain Cyber Essentials accreditation.
We’ve helped small, medium and large businesses, charities and third-party sector organisations through Cyber Essentials Wales since 2016.
What is the benefit of assessing through a certifying body?
We can offer guidance through the entire Cyber Essentials and Cyber Essentials Plus process. If you were to assess directly through IASME, you would be assigned to a random assessor who does not directly communicate with you and can only give comments via the assessment portal.
When completing the self-assessment without assistance, you are only allowed two failures before you are made to start again (this includes the payment for the certification).
When assessing through us, you use our branded portal to complete the self-assessment. It is then reviewed by a member of our cyber security team who thoroughly understands the Cyber Essentials mark scheme. They can assess your answers and make suggestions on how you can improve. We can also assist in the steps needed to comply with Cyber Essentials and offer advice.
Is the Cyber Essentials scheme only available in the UK?
Businesses can obtain Cyber Essentials certification even if based outside the UK. Although Cyber Essentials accreditation can be obtained outside of the UK, we recommend using a trusted partner of a cyber resilience centre.
If you’re a business in Wales, we highly recommend using a trusted partner of the Cyber Resilience Centre for Wales (WCRC). As a trusted partner of the CRCW, Excellence IT has helped hundreds of businesses through the Cyber Essentials scheme since 2016.
What is the difference between ISO 27001 and Cyber Essentials?
Cyber Essentials Plus accreditation and ISO 27001 are similarly aligned for businesses looking to improve cyber security compliance. However, there are differences between the two accreditations.
Whilst Cyber Essentials Plus is designed to protect against the most common cyber attacks, ISO 27001 is a risk-based accreditation that focuses on what risks exist in an organisation. ISO 27001 focuses more on implementing procedures, processes and policies.
How much does Cyber Essentials Cost?
Cyber Essentials standard accreditation costs start from £300 +VAT for micro-sized businesses and £500 +VAT for large companies in Wales. The prices are broken down per size of business, and are an estimation:
|Cost in GBP (£)
|Micro Business (0-9 Employees)
|£300 + VAT
|Small Business (10-49 Employees)
|Medium Business (50-249 Employees)
|Large Business (250+ Employees)
These prices are for certification only and do not include any assistance or consultancy from the experts at Excellence IT.
Cyber Essentials Plus costs vary, as this accreditation is not self-assessed; the approach requires outsourcing for hands-on assistance from cyber security experts. The size of the business plays a significant factor in the pricing, but an estimate of £1,900 – £4,000 + VAT is the average cost for Cyber Essentials Plus in Wales.
Is Cyber Essentials Worth It?
Cyber Essentials is essential for every business to stay safe online. Protect your business, supply chain and customer data by completing the Cyber Essentials Plus certification.
Cyber Essentials Plus as a Service (CE+aaS) is offered by Excellence IT. It is a way to spread the Cyber Essentials Plus certification’s cost while ensuring your devices stay safe and compliant. We provide regular vulnerability scans using our Qualys agent and in-depth reports of your current estate and any vulnerabilities that need addressing.
Cyber Essentials as a Service also ensures that you are prepared for your renewal as your devices will generally be in better health than if you were to let Cyber Essentials Plus roll around every year and be in a position where you have many vulnerabilities stacked up.
Cyber Essentials Wales accreditation is essential for every business to stay safe online. Protect your business, supply chain and customer data by completing the Cyber Essentials Plus certification.
If you’re looking for assistance with your Cyber Essentials in Wales, as a service or for accreditation, Excellence IT is a cyber security-first Managed Service Provider, and we help businesses achieve Cyber Essentials certification daily.
To speak to a Cyber Security Expert about Cyber Essentials certification, email us at firstname.lastname@example.org or submit a form at the bottom of this page.
Writes about IT Support and Cyber Security.