This website uses cookies. View our cookie policy
Select regional store:

Cyber Essentials

What is Cyber Essentials?

Cyber Essentials is a cybersecurity certification scheme that sets out a good baseline of cybersecurity suitable for all organizations in all sectors. The scheme addresses five key controls that, when implemented correctly, can prevent around 80% of cyber attacks.

The scheme is backed by major industry players including BAE Systems, Lockheed Martin, Barclays and Hewlett-Packard. The Information Commissioner has stated that he “supports the Cyber Essentials Scheme and encourages all businesses to be assessed against it."

Why do you need Cyber Essentials?

With Cyber Essentials you can focus on your core business objectives, knowing that you’re protected from the vast majority of common cyber attacks. You will also be able to drive business efficiency, save money, and improve productivity by streamlining processes.

Achieving certification will also help you to work towards other compliance requirements, such as ISO 27001 and the EU General Data Protection Regulation.

Demonstrate security

Demonstrate to clients, insurers, investors, and other interested parties that you have taken the precautions necessary to reduce cyber risks.

Increase opportunities

Focus on your core business objectives knowing that you’re protected from the vast majority of common cyber attacks

Save money

You will also be able to drive business efficiency, save money, and improve productivity by streamlining processes.


For more benefits on Cyber Essentials, go to our Cyber Essentials benefits page >>


The two levels of certification

There are two levels of Cyber Essentials certification available to your organization: Cyber Essentials and Cyber Essentials Plus.

Cyber Essentials

The Cyber Essentials certification process includes a self-assessment questionnaire (SAQ) and an external vulnerability scan.

Cyber Essentials Plus

Cyber Essentials Plus certification includes all of the assessments for the Cyber Essentials certification but includes an additional internal scan and an on-site assessment.


The five key controls


How to get certified

We have developed three fixed-price packaged solutions: Do It Yourself, Get A Little Help, and Get A Lot Of Help to support certification to either Cyber Essentials or Cyber Essentials Plus at a pace and for a budget that suits you.


Why choose IT Governance for Cyber Essentials certification?

IT Governance is the leading CREST-accredited certification body and has awarded hundreds of certifications, with many more companies achieving certification every day. Cyber Essentials clients include companies such as Vodafone, Airbus Defence and Space Ltd, Action for Children, and ELEXON. 

  • You can conduct the entire certification process online, without any expert cybersecurity knowledge, with our CyberComply portal.

  • We provide all the tools and resources needed to achieve CREST-accredited certification at both levels of the Cyber Essentials scheme.

  • We deliver all the technical tests and assessments, conducted by our experienced, CREST-accredited testers.

  • By choosing a CREST-accredited certification body like IT Governance, you will benefit from the added level of independent verification of your cybersecurity status provided by an external vulnerability scan. Non-CREST-accredited certification bodies issue certificates purely on the submission of a self-assessment questionnaire, without assessing the status of the client’s networks and applications.


Completely new to Cyber Essentials?

Begin your journey towards certification today—use our very own pocket guide to give you a basic understanding of the Cyber Essentials scheme. Buy your pocket guide today.


Background of the Cyber Essentials scheme

The Cyber Essentials scheme is a key deliverable of the UK’s National Cyber Security Program. Realizing that the controls in its 2012 guide, 10 Steps to Cyber Security, were not being implemented effectively, the government instigated a call for evidence on a preferred cybersecurity standard. In November 2013, it concluded that no individual standard met its specific requirements, so it developed the Cyber Essentials scheme.

  • Cyber Essentials delivers the basic controls that all organizations should implement to mitigate the risk from common Internet-based threats.

  • The scheme provides a mechanism for organizations to demonstrate to customers, investors, insurers, and others that they have taken essential precautions to secure against the majority of cyber risks.

  • A recent report by the government, UK cyber security: the role of insurance in managing and mitigating the risk, revealed plans to include Cyber Essentials certification in insurers’ risk assessments for SMEs.

  • Cyber Essentials enables companies to successfully tender for government contracts. View the UK Government’s procurement policy notice here.


The Cyber Essentials scheme is increasingly popular within the private sector; more than 1,200 organizations have adopted the scheme to date. Insurance firms have recognized that Cyber Essentials certification is a valuable indicator of a mature approach to cybersecurity and, according to a government report, Cyber Essentials certification can also contribute to the reduction of risk.