Cyber Essentials FAQs

Fourtifys’ Cyber Essentials FAQs – following the latest comments from Julia Lopez MP, Cyber Minister advising: “We want all organisations in the UK to be working towards Cyber Essentials” we thought it might be prudent to provide some FAQs we receive from time to time. We hope the list below answers any questions you may have, however as always you can reach the team on hello@fourtify.co.uk if you would like to know more.

What is Cyber Essentials / What is Cyber Essentials Plus?

Cyber Essentials Certification was developed by the National Cyber Security Council to encourage businesses to implement and manage five technical controls designed to ensure maximum protection for your business against the most common internet-based-threats.

Cyber-attacks come in many shapes and sizes, but the vast majority are very basic in nature and carried out by relatively unskilled individuals or actors. They’re the digital equivalent of a thief trying your front door to see if it’s unlocked. Cyber Essentials is designed to prevent such attacks occurring to your business.

Cyber Essentials is available in two levels of Certification:

Cyber Essentials

The self-assessment option gives you protection against a wide variety of the most common cyber attacks. This is important because vulnerability to basic attacks can mark you out as target for more in-depth unwanted attention from cyber criminals and others.

Certification gives you peace of mind that your defences will protect against the vast majority of common cyber attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.

Cyber Essentials shows you how to address those and prevent the most common attacks.

Cyber Essentials Plus

Cyber Essentials Plus still has the Cyber Essentials trademark simplicity of approach, and the protections you need to put in place are the same, but for Cyber Essentials Plus a hands-on technical verification is carried out. A certification body will carry out a Vulnerability Assessment against your organisation based on your response to confirm you have implemented the controls correctly and meet the standards requirements.

How long does it take to get Cyber Essentials Certified after submission?

From the date you submit your application, Certification Bodies and IASME aim to return the results within 1 – 2 business days.

Is Cyber Essentials worth it?

By implementing the controls of Cyber Essentials and achieving certification, you are protecting your business against an estimated 80-90% of internet-based threats. The five technical controls have been designed to protect your business with maximum efficiency whilst maintaining an approach which is achievable for organisations of all sizes.

What does Cyber Essentials cover?

Cyber Essentials covers 5 technical controls which include:

• Boundary Firewalls
• Secure Configuration
• User Access Control
• Malware Protection
• Security Update Management

How much does Cyber Essentials cost?

There is a tiered structure for Cyber Essentials Certification (Verified Self-Assessment). Depending on the size of your organisation and whether you require additional support from a Certification Body such as Fourtify: Prices start from:

• 0-9 Employees | £300.00 + VAT
• 10 – 49 Employees | £400.00 + VAT
• 50 – 249 Employees | £450.00 +VAT
• 250+ Employees | £500.00 +VAT

How long does Cyber Essentials last?

Cyber Essentials Certification lasts for 1 year from date of certification.

We’re not based in the UK – can we still apply?

YES! International organisations can also achieve Cyber Essentials Certification.

How many companies have Cyber Essentials?

It’s estimated that over 30,000 organisations currently hold Cyber Essentials however this growing year on year.

How do I check if a company holds a valid Cyber Essentials Certificate?

You can search for valid certifications achieved by organisations in the last 12 months here: Cyber Essentials Certificate Search