skip to main content

Cyber Essentials (UK)

How to Get Cyber Essentials Certification?

To obtain Cyber Essentials certification, organisations must complete an online self-assessment questionnaire covering five key security controls:

  • Secure your Internet connection

  • Protect your devices and software

  • Control access to your data and services

  • Protect from viruses and other malware

  • Keep your software and devices up to date

After completing the self-assessment, the organisation submits it for review, and if successful, they receive certification.

What is Cyber Essentials Certification?

Cyber Essentials certification is a recognised standard in the UK that demonstrates an organisation has taken steps to secure its data and networks from common cyber threats. It assures clients, partners, and stakeholders that the organisation meets a baseline level of cyber security.

How Long Does Cyber Essentials Certification Last?

Cyber Essentials certification lasts for 12 months. After this period, the organisation must recertify to maintain its certification.

How Long Does Cyber Essentials Take?

The process of obtaining Cyber Essentials certification typically takes between 2-6 weeks depending on the size and complexity of the organisation. This time frame includes completing the self-assessment and the review process.

Is Cyber Essentials Mandatory?

Cyber Essentials certification is not legally mandatory for most organisations. However, it is strongly recommended, especially for businesses that handle sensitive data, and it is a requirement for some contracts, particularly in public sector procurement.

What Does Cyber Essentials Cover?

Cyber Essentials covers the following key areas:

  • Secure configuration of systems

  • Firewalls and internet gateways

  • Access control to data and services

  • Protection against malware

  • Software patch management

These measures protect against the most common cyber security threats.

Who Needs Cyber Essentials?

Cyber Essentials is suitable for all businesses, regardless of size. It is particularly beneficial for small to medium-sized enterprises (SMEs) that may not have extensive in-house IT security resources. Businesses seeking government contracts or working with sensitive information are often required to have Cyber Essentials certification.

See our platform
in action

Identify your security risks, educate employees in real-time, and prevent breaches with our innovative Human Risk Management Platform.

Learn more