Cyber Essentials is a scheme created by the UK Government in June 2014, with the primary aim of encouraging businesses of all sizes to review their IT security and adopt best practices quickly and cost effectively.
We have spent quite a bit of time assisting businesses in securing Cyber Essentials certification, so we know a thing or two about how it works.
Below are some common FAQs about getting Cyber Essentials certified...
What does Cyber Essentials do for me?
Cyber Essentials offers a structured framework designed to strengthen your organisation’s defence, focusing on key security measures such as:
- Firewall Configuration
- Secure Configuration
- User Access Control
- Malware Protection
- Patch Management
By ticking all these boxes, you are ensuring your organisation has the most fundamental IT security controls in place. Remember, it’s the fundamentals that are often neglected, and most regularly taken advantage of if left alone.
I only have a small business - is Cyber Essentials overkill for me?
Not at all – Cyber Essentials was designed for the smaller businesses who can’t afford in-house IT security teams, so they can maintain the level of security of larger organisations.
Read our blog “My business is too small” and other cyber security myths, to learn why being a small business still makes you a target.
We have internal IT staff, wouldn’t they take care of this?
Internal IT teams might maintain your IT security, but by certifying with Cyber Essentials you are showing your customers, partners and suppliers that you take cyber security seriously and value keeping their data safe.
Nothing says trustworthy like becoming certified with a nationally recognised standard for best practice in cyber security.
It sounds great, but we’ve never really been hacked, is this certification necessary?
It’s almost impossible now to find an organisation that hasn’t had some kind of IT security incident; in 2024, 50% businesses experienced a cyber attack or breach.
Think of not being Cyber Essentials certified like leaving your front door unlocked; you could go for years without a break-in, but it’s not something you’d risk!
If we have Cyber Essentials will that keep our business completely secure?
Cyber Essentials combats the most common cyber security risks. It ensures that all the basics - like firewalls, secure configuration and malware protection - are all in place. While preparing for the certification does provide a certain level of security for your business, it does not provide the proactive support or monitoring an IT provider or IT manager can offer on a day-to-day basis. To remain fully protected, Cyber Essentials needs to be implemented in combination with proactive security planning.
What do we do to get certified?
The process is simple. In short, it goes like this:
- We first scope your IT to understand the gaps required to become Cyber Essentials compliant.
- We then go through the work required to cover those gaps - this could be anything from replacing a computer or two, to an entire network overhaul.
- Resolve then completes and submits the Cyber Essentials questionnaire.
- If you've opted for Cyber Essentials Plus, it's at this point you engage with Resolve's partner, who will conduct the audit of your systems.
- Resolve then handles the Cyber Essentials Plus certification with our partner.
To learn more, visit the IASME website — the official Cyber Essentials partner.
I don’t have time for this, can Resolve help?
We can guide your organisation through the entire certification process. There are various things you have to put in place to achieve certification, and we can work with you to make sure you've got all your (security) ducks in a row. If you have internal IT staff, they can manage it too — but either way, we’re happy to support both technical teams and business leaders alike.
Get in touch if you’d like to chat about how we can assist.
A few important facts about Cyber Essentials
- The Cyber Essentials certification is valid for one year and needs renewing annually
- There are two levels: Cyber Essentials and Cyber Essentials Plus
- Certification is often required for government contracts and can reduce insurance premiums
What next?
Our support customers have access to the most in-depth cyber security services and solutions on the market, including our real-time monitoring security service, Resolve Cyber Security, which includes getting Cyber Essentials certified.
