Menu
30+ Reviews
Cyber Essentials is a UK government-backed certification scheme that helps organisations protect against the most common cyber threats by implementing five key technical controls: firewalls, secure configuration, user access control, malware protection, and security update management. It provides a straightforward, self-assessed certification to demonstrate your commitment to cyber security.
Cyber Essentials Plus builds on this foundation by adding an independent technical audit to verify that these controls are effectively implemented. This higher level of assurance is recommended for organisations handling sensitive data or bidding for UK Government contracts. Together, these certifications help businesses reduce cyber risks and increase trust with clients and partners.
Cyber Essentials Plus is the UK government-backed advanced cyber security certification building on the basic Cyber Essentials scheme. Launched in 2014 and overseen by the National Cyber Security Centre (NCSC), the Cyber Essentials scheme defines five key technical controls: firewalls, secure configuration, user access control, malware protection, and security update management. These ensure your internet gateways are secure, IT systems are safely configured, user permissions are appropriate, devices are protected from malware, and software stays updated.
Basic Cyber Essentials certification is a self-assessment process involving a questionnaire signed off by a senior officer and reviewed externally. Cyber Essentials Plus requires this basic certification first and adds independent technical testing, including external vulnerability scans, internal device testing, and malware protection checks by an accredited IASME Certification Body.
Achieving Cyber Essentials certification helps protect against around 80% of common cyber threats such as phishing and malware. Cyber Essentials Plus is recommended for organisations bidding for UK Government contracts handling sensitive data, providing stronger assurance through hands-on testing. It helps demonstrate commitment to data protection, supply chain security, and risk management to clients, suppliers, insurers, and public sector buyers.
Our Cyber Essentials Plus service begins with a practical gap analysis of your current cyber security, assessing your IT infrastructure against the five Cyber Essentials controls: firewalls, secure configuration, user access control, malware protection, and security update management. These controls apply to all devices, user accounts, and cloud services within your organisation’s scope for comprehensive protection.
We provide a clear remediation plan covering actions like changing default passwords, tightening firewall rules, enabling multi-factor authentication, reviewing cloud services, installing or checking anti-malware software, updating operating systems, removing unsupported software, and improving update management. Our advice is straightforward, and we offer practical support to implement it.
We guide you through the self-assessment and prepare you for the Cyber Essentials Plus audit, which typically takes 4-6 weeks. The Plus audit includes external and internal vulnerability scans, malware protection checks, and verification of key controls via on-site, remote, or blended assessments.
After certification, we support annual renewal and compliance monitoring. Certificates last 12 months and must be renewed annually. Eligible organisations with turnover under £20 million may also access free Cyber Liability Insurance upon certification.
Cyber Essentials Certificate – Business Price
£599.00 +VAT
Per Organisational Certificate Per Annum
Cyber Essentials Certificate – Not-For-Profit Price
£499.00 +VAT
Per Organisational Certificate Per Annum
Business Price
Not-For-Profit Price
1-9 Employees
£1,450.00 +VAT
10-49 Employees
£1,650.00 +VAT
50-99 Employees
£2,050.00 +VAT
100-499 Employees
£3,095.00 +VAT
1-9 Employees
£1,350.00 +VAT
10-49 Employees
£1,550.00 +VAT
50-99 Employees
£1,950.00 +VAT
100-499 Employees
£2,995.00 +VAT
Per Organisational Certificate Per Annum
Per Organisational Certificate Per Annum
Our certified Cyber Advisors are here to make the path to Cyber Essentials straightforward and stress-free. Get in touch today and let’s start building your cyber resilience together.
Cyber Essentials Plus is for business owners who want the highest level of cyber security assurance available within the Cyber Essentials scheme. If you want independent verification that your security controls are working, rather than relying only on self assessment, Plus is the recommended route.
It is particularly important for companies bidding for UK Government contracts, working with the Ministry of Defence, supplying larger organisations, or handling sensitive customer data. Cyber Essentials Plus is recommended for organisations bidding for UK Government contracts that handle sensitive data because it gives clients and procurement teams greater confidence that your security controls have been tested.
CYBER ESSENTIALS
CYBER ESSENTIALS PLUS
It is also suitable for organisations that already have basic Cyber Essentials certification and want to upgrade. Cyber Essentials is a self-assessment certification, while Cyber Essentials Plus includes an independent technical audit to verify the implementation of security controls. Cyber Essentials Plus provides a higher level of assurance as it includes hands-on testing of security controls, while the basic Cyber Essentials relies on self-assessment.
Many medium sized organisations choose Essentials Plus because clients, insurers or supply chain partners now expect stronger proof of cyber security. Cyber Essentials certification demonstrates a commitment to data protection and cyber security, which can help organisations win new business and enhance their reputation. Organisations with Cyber Essentials certification are listed on the National Cyber Security Centre’s database, providing assurance to clients and partners about their commitment to cybersecurity.
Cyber Essentials Plus is also a sensible choice if you are worried about cyber criminals, common cyber threats, common online threats, commonly experienced cyber attacks, phishing, malware, or the most common online threats affecting day-to-day operations. Businesses implementing the Cyber Essentials controls make 92% fewer cyber insurance claims compared to uncertified businesses.
If your organisation is not yet ready for Plus, we will say so. Basic Cyber Essentials is often the right starting point, and we can help you achieve Cyber Essentials certification first before preparing for the more detailed Plus audit.
A specialist vetted by the National Cyber Security Centre to provide trusted, practical guidance on Cyber Essentials and cyber risk.
After certification, you receive your official Cyber Essentials Plus certificate, valid for 12 months. You can display the certification badge on your website, proposals, and marketing materials, and your business will be listed on the National Cyber Security Centre database, reassuring clients and suppliers of your cyber security commitment.
Eligible businesses with turnover under £20 million may access free Cyber Liability Insurance and incident response support, providing extra protection if issues arise.
Beyond technical benefits, Cyber Essentials certification enhances your reputation, aiding supplier onboarding, tender responses, and government contract opportunities. The five technical controls reduce risks from cyber attacks, malware, weak passwords, unpatched software, poor firewall settings, and unauthorised access. With Cyber Essentials Plus, these controls are independently tested and verified.
After achieving basic Cyber Essentials certification, your organisation holds a Cyber Essentials certificate valid for 12 months. You can use this certification to demonstrate your commitment to cyber security and meet many supplier and contractual requirements. While basic certification relies on self-assessment, it provides a solid foundation for protecting against approximately 80% of the most common cyber attacks. Many businesses use this as a starting point before progressing to Cyber Essentials Plus for greater assurance.
We continue to support you post-certification, helping maintain compliance as your business evolves. Annual renewal is simpler when good security practices are upheld year-round. Our ongoing advice, monitoring, and support ensure your controls stay effective and ready for future assessments.
If you are considering Cyber Essentials certification or Cyber Essentials Plus, book a free consultation with We Do Your IT. We will talk through your business, your current IT systems, your client or contract requirements, and whether Plus is the right route for you.
Our NCSC-assured Cyber Advisors will explain the certification process and will help you understand the difference between basic certification and Essentials Plus, what the self assessment questionnaire involves, what the technical audit checks, and what preparation may be needed before you apply.
If Cyber Essentials Plus is the right option, we will map out the journey from initial gap analysis to remediation, certification and annual renewal. If basic Cyber Essentials certification is a better starting point, we will tell you that too.
Book your free 30-minute consultation today and take the first step towards achieving robust, independently verified cyber security for your business.
There is nothing more annoying than an IT glitch that stops you working efficiently. However, knowing you have access to immediate attention to the glitch and a solution to it, is very reassuring and that is provided by We Do Your IT. We have so appreciated the availability and response given by the team at We Do Your IT, enabling us to remain a productive firm.
Richard Sharp – Sharp Family Law
There is nothing more annoying than an IT glitch that stops you working efficiently. However, knowing you have access to immediate attention to the glitch and a solution to it, is very reassuring and that is provided by We Do Your IT. We have so appreciated the availability and response given by the team at We Do Your IT, enabling us to remain a productive firm.
Richard Sharp – Sharp Family Law