In a nutshell
Cyber Essentials is a UK government scheme covering five technical controls that block around 80% of common cyber attacks. Cyber Essentials Plus adds a hands-on technical audit.
The case for action
Why your organisation needs Cyber Essentials
The upside
What your organisation gains
Unlock UK central government and MOD contracts that require it.
Lower cyber-insurance premiums and qualify for free liability cover.
Block around 80% of common internet-borne attacks.
Signal trust to enterprise buyers in weeks, not months.
Scope
Who it covers — and where
Who it applies to
Any UK organisation. Often mandatory for central government contracts and increasingly demanded by enterprise buyers.
Where it applies
United Kingdom — but recognised internationally as a trusted baseline.
Timing
When you need to act
Certification is valid for 12 months and must be renewed annually.
The path forward
Your roadmap to compliance
A practical journey — not a bureaucratic checklist. Tackle these stages in order and you'll move from "we should look into this" to ready.
1. Scope what's in (whole organisation is recommended).
2. Implement the five controls: firewalls, secure configuration, user access control, malware protection, security update management.
3. Complete the IASME self-assessment questionnaire.
4. Submit for review by a Cyber Essentials assessor.
5. For CE Plus, book an on-site/remote technical audit within 3 months.
Reality check
Common struggles (and how to fix them)
The struggle
BYOD and home devices break the scope.
The fix
Use a clear acceptable use policy or supply company devices for in-scope users.
The struggle
Unsupported software in the estate.
The fix
Run an inventory before applying — replace or segregate end-of-life software.