Cyber Essentials is a scheme created by the UK Government in June 2014, with the primary aim of encouraging businesses of all sizes to review their IT security and adopt best practices quickly and cost effectively.
We have spent quite a bit of time assisting businesses in securing Cyber Essentials certification, so we know a thing or two about how it works.
Below are some common FAQs about getting Cyber Essentials certified...
What does Cyber Essentials do for me?
Cyber Essentials offers a structured framework designed to strengthen your organisation’s defence, focussing on key security measures such as:
- Firewall Configuration
- Secure Configuration
- User Access Control
- Malware Protection
- Patch Management
By ticking all these boxes, you are ensuring your organisation has the most fundamental IT security controls in place. Remember, it’s the fundamentals that are often neglected, and most regularly taken advantage of if left alone.
I only have a small business - is Cyber Essentials overkill for me?
Not at all – Cyber Essentials was designed for the smaller businesses who can’t afford in-house IT security teams, so they can maintain the level of security of larger organisations.
Read our blog “My business is too small” and other cyber security myths, to learn why being a small business still makes you a target.
We have internal IT staff, wouldn’t they take care of this?
Internal IT teams might maintain your IT security, but by certifying with Cyber Essentials you are showing your customers, partners and suppliers that you take cyber security seriously and value keeping their data safe.
Nothing says trustworthy like becoming certified with a nationally recognised standard for best practice in cyber security.
It sounds great, but we’ve never really been hacked, is this certification necessary?
It’s almost impossible now to find an organisation that hasn’t had some kind of IT security incident; in 2024, 50% businesses experienced a cyber attack or breach.
Think of not being Cyber Essentials certified like leaving your front door unlocked; you could go for years without a break-in, but it’s not something you’d risk!
What do we have to do to get certified?
The process is simple. In short, it goes like this:
- You find a Cyber Essentials certification body that works for you – find a certification body. They will evaluate your current cybersecurity practices against the Cyber Essentials requirements.
- You will then complete some questionnaires to verify that you meet the standards set by Cyber Essentials.
- Finally, you have your answers verified to become Cyber Essentials certified!
To learn more, visit the IASME website — the official Cyber Essentials partner.
I don’t have time for this, can Resolve help?
If you outsource your IT services to a provider like Resolve, we can guide your organisation through the entire certification process. If you have internal IT staff, they can manage it too — but either way, we’re happy to support both technical teams and business leaders alike.
Get in touch if you’d like to chat about how we can assist.
A few important facts about Cyber Essentials
- The Cyber Essentials certification is valid for one year and needs renewing annually
- There are two levels: Cyber Essentials and Cyber Essentials Plus
- Certification is often required for government contracts and can reduce insurance premiums
What next?
Our support customers have access to the most in-depth cyber security services and solutions on the market, including our real-time monitoring security service, Resolve Cyber Security, which includes getting Cyber Essentials certified.
