Cyber Essentials – who is using it, what is it and do I need it?

If you’re looking for a way to enhance your business’s cyber protection, a Cyber Essentials certification is a great option. This Government-backed scheme is designed to help organisations of all sizes protect themselves against a variety of the most common cyberattacks.

Most cyberattacks are carried out by relatively unskilled people, but vulnerability to simple attacks can flag you as a target for potentially more dangerous attacks from cyber criminals and others. Attackers are looking for businesses or charities that don’t have the Cyber Essentials barrier in place, so it’s a simple and effective option to give you security and peace of mind.

There are two levels of certification available, depending on how much protection your business requires:

Cyber Essentials

Cyber Essentials is a self-assessment option that protects your organisation against a range of the most common cyberattacks. If you are a business, charity or sole trader that deals with customers or partners, it can offer them peace of mind that you have taken steps to address cybersecurity, and you can be featured on the IASME list of Cyber Essentials certified businesses.

Cyber Essentials Plus

Cyber Essentials Plus is still simple in its approach, giving you the same protections as Cyber Essentials, but a hands-on technical verification is also carried out with this option. This is regularly asked for when tendering for private sector work and now a requirement for public sector bids.

What about IASME Governance?

The IASME Governance standard was developed as an affordable and achievable alternative to the international standard, ISO 27001.

IASME Governance allows SMEs to demonstrate their level of cyber security for a realistic cost and includes a Cyber Essentials assessment and GDPR requirements. It is available either as a self-assessment or on-site audit, you can find out more on their website.

Who is using it?

· Not for profits

· Small businesses, hairdressers, retailers, restaurants, professional services

· Sole traders

· Large companies

· Local authorities

If you are interested in becoming Cyber Essentials certified, you can find an IASME-approved list of Cyber Essentials and Cyber Essentials Plus certifying bodies in the East Midlands region on our Trusted Partners page.

The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.