Do I need Cyber Essentials Basic or Cyber Essentials Plus Certification?

Cyber Essentials Plus

You’re ready to improve the cybersecurity of your business but don’t know if you should seek out the Cyber Essentials Basic or Cyber Essentials Plus certification. What are the differences? Why bother with Plus? And how do you meet the requirements for certification?

Do not stress. We are here to answer all of those questions and help clear things up for you so you can get back to focusing on growing your business securely.

What is Cyber Essentials Plus?

Just in case you’re new to Cyber Essentials, let us catch you up. Cyber Essentials is a self-assessment cyber security check that helps you to protect your business and data from 80% of the most common cyber attacks.

This is done by assessing your devices, software, systems, and more against 5 key controls – we’ll go into that a bit more later. There are two levels of Cyber Essentials Certification: Basics and Plus.

Cyber Essentials Plus takes the Cyber Essentials Basics certification and adds a round of extensive vulnerability testing to help improve your security even more. As well as test the efficacy of your current practices.

What are the differences between Cyber Essentials Basic and Cyber Essentials Plus?

Cyber Essentials Basic is just the self-assessment part of the process. This can be done internally or, ideally, you’ll work with a Cyber Essentials Consultant or team to help you get it done.

Cyber Essentials Plus on the other hand also involves a hands-on assessment of the security measures you have put in place. Which will include vulnerability testing, testing firewalls, assessing processes, software management, etc.

This does need to be done with help from an outside IT support provider or security consultancy. For example, we offer this as part of our wider Cyber Essentials service, which means you can sit back and relax. Safe in the knowledge that your network, systems, and devices will be up to scratch by the time we are done.

The beauty of bringing in cyber security experts to help with your assessment is that we can fix as we go. And we cover the whole assessment process for you which makes like a whole lot easier.

Why bother with Cyber Essentials Plus?

Many small to medium-sized businesses don’t believe they have systems or data worth attacking. But 43% of cyber attacks in 2022 were made against small businesses. And this leaves them incredibly vulnerable to cyber attacks that could cost an awful lot of money and damage their reputation.

Here are 5 key benefits of Cyber Essentials certification:

  1. Expand your client base
    Being certified is mandatory to work with a lot of larger organisations in highly regulated industries and with central government, the Ministry of Defence (MOD), and many public sector organisations. So why close yourself off by not being certified?
  2. More time and cost-effective than other certifications
    Cyber Essentials is an ideal alternative to broader and more stringent certifications like ISO 27001. The self-assessment format makes it a lot easier to go through, especially if you’re working with a team like ours to sort the assessment on your behalf. And it is less expensive.
  3. Protection against 80% of the most common cyber attacks
    Ultimately, it’s going to help you mitigate business risk and protect you against malware, ransomware, and a whole host of other common cybersecurity threats. This on its own makes it well worth the relatively small investment.
  4. Improve your reputation
    Having a certification like Cyber Essentials in place proves to your prospects and clients that you can be trusted with their data. Whether you are offering technology, services, products, or a combination of all three, protecting their data and business will be at the forefront of many buying decisions from your customers.
  5. Greater oversight of your tech and defences
    Tech is essential for the vast majority of businesses. And it’s always good to have a clearer picture of what you have in place, what you need, and how it all works. You don’t need to know the technical ins and outs of your entire network to appreciate the peace of mind that comes with having everything certifiably secure.

How does the Cyber Essentials Plus certification process work?

Getting the Cyber Essentials Certification is a simple 5-step process:

  1. We run a gap analysis – according to the five controls you need to pass in order to get the certification.
  2. We sort the self-assessment for you – so you don’t need to worry about all of that extra admin.
  3. Self-assessment passed and complete – because we’ll have done the gap analysis, helped you sort out any issues, and then completed the self-assessment for you, you’ll pass with no problem.
  4. Shout it from the rooftops – you tell everyone that you are Cyber Essentials certified and add the logo to your website. Plus you’ll be listed IASME’s directory of organisations awarded the certification.
  5. Ongoing support – we can provide ongoing maintenance of your cyber security to ensure your certification doesn’t expire and run regular audits to help keep everything in check

For the Cyber Essentials Plus Certification, we will also conduct the vulnerability testing as the additional, hands-on proof that you have completed the assessment and met the criteria as needed.

Recommended reading: Cyber Essentials Consultancy: How We Can Help You Get Certified

Cyber Essentials checklist

We’ve also put together an in-depth guide to getting certified. We cover a quick overview of the Cyber Essentials checklist as well as a closer look at what each step means on a practical level.

Read the Cyber Essentials Checklist guide here

If you are looking for a hand with your Cyber Essentials Certification or have any more questions about it, please get in touch with the team.