Cyber Essentials and Cyber Essentials Plus: What you need to know

Cyber Essentials and Cyber Essentials Plus are Government-backed schemes available for any business that wants to ensure that their networks are protected against common cyber threats.
This AAG guide will explain everything you need to know about Cyber Essentials, including how to apply for these schemes.
By taking the time to understand and implement these measures, you can help keep your business safe from cyber attacks.
What are Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials and Cyber Essentials Plus are certification schemes that show that an organisation has taken the necessary steps to protect itself from online threats.
Cyber Essentials demonstrates a basic level of protection, while Cyber Essentials Plus is a more comprehensive scheme. To get certified, businesses must complete a self-assessment and, for Cyber Essentials Plus, pass an external vulnerability assessment.
Cyber Essentials is a voluntary scheme, but many businesses choose to become certified as it demonstrates a commitment to taking cyber security seriously. In some cases, certifying under Cyber Essentials can also help businesses win tenders and contracts.
Indeed, if your business wants to bid for Government contracts, especially anything that involves handling personal and sensitive information, you will need Cyber Essentials Certification.
If you’re considering certifying under Cyber Essentials, this guide will tell you about the benefits of certification, the certification process, and how to maintain your certification.

The benefits of Cyber Essentials certification
There are many benefits of becoming certified under Cyber Essentials, including:
Showing your commitment to cyber security
Certification under Cyber Essentials demonstrates to your customers, clients and partners that you take online security seriously. This can help you win new business and build trust with your existing clients.
Protecting against the most common cyber attacks
The Cyber Essentials scheme helps businesses protect themselves against the most common cyber attacks. This includes attacks that exploit weak passwords, out-of-date software and unpatched vulnerabilities.
Saving money
By implementing the controls required for Cyber Essentials certification, businesses can save money on cyber security. This is because they will be less likely to suffer from a cyber attack, which can be costly to clean up and recover from.
Improving your cyber security posture
The scheme helps businesses to improve their overall cyber security posture. This makes it more difficult for attackers to target your business and increases your resilience to attacks. This also helps to inspire confidence from customers and partners.
Open up new business opportunities
Cyber Essentials demonstrates an awareness of cyber threats and a willingness to take the necessary measures to protect data. As such, many tenders now require businesses to be certified under Cyber Essentials to bid.
What measures do businesses need to take?
There are five key areas that businesses need to address to be certified:
- Boundary firewalls and internet gateways
- Secure configuration
- User access control
- Malware protection
- Patch management
For more detailed information on each of these areas, please see the Cyber Essentials website.

The importance of cyber security
As our reliance on technology grows, so too does the threat of cyber crime. A simple glance at the rising rate of cyber crime stats, shows how the threat landscape is increasing and expanding. Cyber attacks can have a devastating impact on businesses, large and small. They can result in financial loss, reputational damage and even legal action.
That’s why all businesses need to take steps to protect themselves from online threats.
By implementing the measures outlined in Cyber Essentials, businesses can make themselves less likely to be successfully attacked.
So, if you’re not already doing so, we urge you to take action now to improve your cyber security and protect your business from harm.
How can AAG help?
AAG can help your business become certified under Cyber Essentials and Cyber Essentials Plus schemes. We can guide you through the self-assessment process and provide expert advice on how to improve your cyber security.
How to apply for Cyber Essentials
The first step towards certification is to visit the Cyber Essentials website and register for an account. You can then access the self-assessment questionnaire, which you will need to complete to become certified.
If you think that your business isn’t quite ready to pass the certification process, there is a useful Cyber Essentials readiness toolkit to create an action plan to meet the requirements.
The benefits of Cyber Essentials Plus
Cyber Essentials Plus is a more comprehensive certification scheme than Cyber Essentials and provides additional protection for businesses. To get certified, businesses must complete a self-assessment and pass an external vulnerability scan.
The benefits of Cyber Essentials Plus include:
- Improved protection against online threats
- Greater confidence from customers and clients
- The ability to win more tenders
- Peace of mind knowing your business is taking cyber security seriously.

Implementation tips for Cyber Essentials and Cyber Essentials Plus
There are several things businesses can do to improve their cyber security and become certified under Cyber Essentials and Cyber Essentials Plus. Here are some implementation tips:
- Use strong passwords and password management systems.
- Keep your software up to date, including your operating system, applications, and firmware.
- Restrict access to data and systems to authorised users only.
- Use a firewall to protect your network and monitor incoming and outgoing traffic.
- Install and run antivirus software to protect against malware.
- Regularly back up your data.
The main reason for using Cyber Essentials
Cyber security is an essential part of doing business in today’s digital age. Businesses that are serious about protecting themselves against online threats should consider becoming certified under Cyber Essentials and Cyber Essentials Plus.
Indeed, cyber security is an important issue for organisations of all sizes and these UK Government-backed schemes will help firms demonstrate their commitment to cyber security and protect themselves against online threats.
FAQs about Cyber Essentials and Cyber Essentials Plus
What is Cyber Essentials?
Cyber Essentials is a self-assessment that demonstrates businesses understand the measures they need to take to defend themselves, and their customers, against online threats.
What is Cyber Essentials Plus?
Cyber Essentials Plus is a more comprehensive scheme than Cyber Essentials, and provides additional protection for businesses. To get certified, businesses must complete a self-assessment and pass an external vulnerability scan.
What are the benefits of Cyber Essentials Plus?
The benefits of Cyber Essentials Plus include improved protection against online threats, greater confidence from customers and clients, the ability to win more tenders – especially Government contracts – and peace of mind knowing your business is taking cybersecurity seriously.
What are the five key areas of Cyber Essentials?
The five key areas that businesses need to address to be certified under Cyber Essentials and Cyber Essentials Plus are boundary firewalls and internet gateways, secure configuration, user access control, malware protection, and patch management.
How does my business apply for Cyber Essentials?
Businesses can become certified under Cyber Essentials by completing a self-assessment and passing an external vulnerability scan (for Cyber Essentials Plus).
Related insights
Browse more articles from our experts and discover how to make better use of IT in your business.

Law Firm Statistics (updated December 2023)
The legal sector is changing. Discover the trends and performance metrics shaping the sector with the latest law firm statistics, updated for December 2023. Read More

The Latest Phishing Statistics (updated December 2023)
As the most common form of cyber crime, phishing affects both individuals and businesses. Find out how attack vectors and trends are developing with the latest phishing statistics. Read More

The Latest Cyber Crime Statistics (updated December 2023)
Read the latest cyber crime statistics, updated for December 2023, and see how the threat landscape has changed in recent years. Read More