This website uses cookies. View our cookie policy

Cyber Essentials


What is Cyber Essentials?

Cyber Essentials is a cyber security certification scheme that sets out a good baseline of cyber security suitable for all organisations in all sectors. The scheme addresses five key controls that, when implemented correctly, can prevent around 80% of cyber attacks.


Why do you need Cyber Essentials?

With Cyber Essentials you can focus on your core business objectives, knowing that you’re protected from the vast majority of common cyber attacks. You will also be able to drive business efficiency, save money and improve productivity by streamlining processes.

Achieving certification will also help you to address other compliance requirements such as the EU General Data Protection Regulation.

Demonstrate security

Demonstrate to clients, insurers, investors and other interested parties that you have taken the precautions necessary to reduce cyber risks.

Increase opportunities

Be able to bid for contracts that involve the handling of personal and sensitive information, and increase your chances of securing business.

Save money

Insurance agencies look favourably on organisations with Cyber Essentials, resulting in lower insurance premiums.



The two levels of certification

There are two levels of Cyber Essentials certification available to your organisation: Cyber Essentials and Cyber Essentials Plus.

Cyber Essentials

The Cyber Essentials certification process includes a self-assessment questionnaire (SAQ) and an external vulnerability scan.

Cyber Essentials Plus

Cyber Essentials Plus certification includes all of the assessments for the Cyber Essentials certification but includes an additional internal scan and an on-site assessment.


The five key controls


Secure configuration


Boundary firewalls and Internet gateways


Access controls and administrative privilege management


Patch management


Malware protection



How to get certified

We have developed three fixed-price packaged solutions: Do It Yourself, Get A Little Help, and Get A Lot Of Help to support certification to either Cyber Essentials or Cyber Essentials Plus at a pace and for a budget that suits you.


Why choose IT Governance for Cyber Essentials certification?

IT Governance is the leading CREST-accredited certification body, and has awarded hundreds of certifications, with many more companies achieving certification every day. Cyber Essentials clients include companies such as Vodafone, Airbus Defence and Space Ltd, Action for Children, and ELEXON. 

  • You can conduct the entire certification process online, without any expert cyber security knowledge, with our CyberComply portal.

  • We provide all of the tools and resources needed to achieve CREST-accredited certification at both levels of the Cyber Essentials scheme.

  • We deliver all of the technical tests and assessments, conducted by our experienced, CREST-accredited testers.

  • By choosing a CREST-accredited certification body like IT Governance, you will benefit from the added level of independent verification of your cyber security status provided by an external vulnerability scan. Non-CREST-accredited certification bodies issue certificates purely on the submission of a self-assessment questionnaire, without assessing the status of the client’s networks and applications.


Completely new to Cyber Essentials?


Begin your journey towards certification today – use our very own pocket guide to give you a basic understanding of the Cyber Essentials scheme. Buy your pocket guide today.


Background of the Cyber Essentials scheme

  • Cyber Essentials delivers the basic controls that all organisations should implement to mitigate the risk from common Internet-based threats.

  • The scheme provides a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken essential precautions to secure against the majority of cyber risks.

The scheme is backed by major industry players including BAE Systems, Lockheed Martin, Barclays and Hewlett-Packard.

The Cyber Essentials scheme is increasingly popular within the private sector; more than 1,200 organisations have adopted the scheme to date. Insurance firms have recognised that Cyber Essentials certification is a valuable indicator of a mature approach to cyber security and, Cyber Essentials certification can also contribute to the reduction of risk.