
Cyber Essentials certification

A UK government-backed scheme that protects your business against the most common cyber attacks — and proves to customers, partners and regulators that you take security seriously.

Overview

What is Cyber Essentials?

Cyber Essentials is a certification scheme backed by the National Cyber Security Centre (NCSC). It sets out a baseline of five technical controls that, when properly implemented, stop the vast majority of internet-based attacks.

For small and medium businesses it is the most practical first step in cyber security — affordable, well understood, and increasingly expected by customers and supply chains. Network Fish guides London businesses through both Cyber Essentials and Cyber Essentials Plus, from gap assessment to certificate.

The Standard

The five core controls

Get these right and you close the door on most common attacks. We assess, remediate and maintain each one across your devices and cloud services.

Firewalls

Secure your internet connection so only safe, necessary traffic reaches your network and devices.

Secure configuration

Set up devices and software to reduce vulnerabilities and provide only the services you actually need.

User access control

Ensure staff only have access to the data and services they need, with admin rights tightly managed.

Malware protection

Defend against viruses and other malicious software across every one of your devices.

Security update management

Keep devices and software patched and up to date with the latest supported versions.

Two levels

Cyber Essentials vs Cyber Essentials Plus

Choose the level of assurance that fits your business. We prepare you for either — and manage the whole process.

Self-assessment

Cyber Essentials

A verified self-assessment of your controls against the five-control standard. The fastest, most cost-effective route to certification and a strong security baseline.

Independently audited

Cyber Essentials Plus

Everything in Cyber Essentials, plus a hands-on technical audit by a certified assessor — the highest level of assurance, and often required for larger contracts.

The Business Case

Why get certified?

Win more business

Certification is now required for many UK government and supply-chain contracts.

Reassure customers

Show clients and partners that their data is protected by a recognised standard.

Reduce your risk

Close the door on phishing, malware and unauthorised access before they cost you.

Support insurance

Many cyber insurance policies look for Cyber Essentials as a baseline requirement.

Our Process

How Network Fish helps

  1. Gap assessment. We review your devices, cloud services and Microsoft 365 against the five controls and show you exactly where you stand.
  2. Remediation. We fix the gaps — firewalls, configuration, access, malware protection and patching — with minimal disruption.
  3. Certification. We guide you through the assessment (or the Plus audit) all the way to your certificate.
  4. Stay compliant. With ongoing managed IT support, we help you keep your certification year after year.

FAQ

Common questions

What is Cyber Essentials certification and who needs it?

Cyber Essentials is a UK Government-backed certification scheme that demonstrates an organisation has basic cyber security controls in place. It covers five technical areas: boundary firewalls, secure configuration, user access control, malware protection, and patch management.

Any organisation that supplies the UK Government must hold Cyber Essentials certification. It is also increasingly required by local authorities, housing associations, NHS trusts, and large private sector businesses as a condition of supplier contracts. Cyber insurance policies increasingly reference it.

What is the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials is a self-assessed certification. The applicant completes a questionnaire confirming their controls meet the required standard, which is then verified by a certifying body.

Cyber Essentials Plus includes everything in Cyber Essentials but adds an independent technical audit of the organisation’s systems by an accredited assessor. Cyber Essentials Plus provides stronger assurance and is required for some higher-value government contracts and certain sectors including defence supply chain.

How long does it take to get Cyber Essentials certified?

With Network Fish managing the process, most London SMEs achieve Cyber Essentials certification within two to four weeks of the initial gap assessment. The timeline depends on how many of the five technical controls require remediation before submission.

Cyber Essentials Plus takes three to six weeks due to the additional independent technical audit. Both certifications must be renewed annually.

How much does Cyber Essentials certification cost?

For Network Fish managed support clients, Cyber Essentials readiness is included as part of your contract at no extra charge. This covers the gap analysis against the five CE technical controls, hands-on remediation guidance, and support through the certification process end-to-end. The only additional cost is the certifying body fee — approximately £300 for Cyber Essentials — payable directly to the certifying body. Annual renewal is available from £300 + VAT per year.

For businesses not on a managed support contract, Network Fish charges from £400 + VAT for a standalone Cyber Essentials gap assessment, and from £800 + VAT for full assisted certification including remediation guidance, for organisations with up to ten users. Cyber Essentials Plus starts from £1,200 + VAT. Certifying body fees for CE Plus are approximately £400 to £500, payable directly to the certifying body.

Can Cyber Essentials reduce cyber insurance premiums?

Yes. Many UK cyber insurance providers offer reduced premiums to organisations that hold valid Cyber Essentials certification, because certification demonstrates that baseline security controls are in place. The reduction varies by insurer and policy, but businesses are encouraged to provide their certificate to their broker when renewing or taking out a cyber insurance policy.

Network Fish can provide a Cyber Insurance Readiness Report as an optional add-on that addresses standard insurer technical questionnaires.

Does Cyber Essentials certification expire?

Yes. Cyber Essentials certification is valid for twelve months and must be renewed annually. Network Fish offers an annual renewal service that includes a pre-renewal gap check, any remediation work required, questionnaire preparation, and submission management. Clients on a Complete Care support contract receive an annual Cyber Essentials gap check as part of their package.

What is the difference between a Cyber Essentials gap assessment and full certification?

A gap assessment reviews an organisation’s current IT environment against the five Cyber Essentials controls and produces a written report — RAG-rated Red, Amber, Green per control — identifying what needs to be fixed before the organisation can be certified. It does not result in a certificate.

Full assisted certification includes the gap assessment, remediation of identified issues, preparation and submission of the certification questionnaire, and liaison with the certifying body through to the issue of the certificate.

Ready to get Cyber Essentials certified?

Talk to a real engineer about where your business stands today — no jargon, no obligation.
