Cyber Essentials: The Ultimate Guide For SMEs


If protecting your business from cybercrime seems complicated, confusing, and expensive, you might prefer to ignore the risks and hope that the cybercriminals never come knocking on your door. Unfortunately, the risks to your business are just too big to overlook!


SMEs are being specifically targeted by cybercriminals, and a cyberattack would be more than just an inconvenience – it could cause serious disruption to your operations.

For example, your systems, files, and data could all be paralysed, meaning that staff can’t get on with their jobs and customers can’t buy from you. Potentially, this could result in you losing revenue for days or even weeks.

The other major impact of a cyberattack is the long-term reputational damage it could cause your business.

If staff, client, or public data were lost or stolen, how would you explain this? Could people trust you to store their data again? SMEs in particular struggle with any level of client churn, and repairing a damaged reputation can take years.

Thankfully, even if your budget is tight, there are ways to boost your cybercrime defences, identify the best antivirus to use, and protect your business.

Enter Cyber Essentials

Cyber Essentials is a UK Government information/data assurance scheme operated by the National Cyber Security Centre (which is part of GCHQ) that encourages organisations to adopt good practices around data security.

Cyber Essentials has been designed by the government to make it easy for you to protect your organisation against common cyber threats.

Established in 2014, Cyber Essentials was created to help SMEs reduce their risk from the most common cyberattacks, and so far it has helped decrease this risk by a massive 80%.

The key benefits of becoming Cyber Essentials Certified are:

You can identify your organisation’s cyber vulnerabilities, allowing you to take proactive action to protect your business from cybercrime

You will be in a position to win new business! Being Cyber Essentials Certified is now a mandatory requirement for public sector/government contracts that involve the transfer of personal data

You will reassure your customers and suppliers that you take cybersecurity seriously, giving them peace of mind that they are in safe hands when dealing with you

There are two levels of certification that your business can apply for:

Cyber Essentials (Basic)

The standard Cyber Essentials Certification is a self-assessment questionnaire that is reviewed externally.

It has 5 baseline checks which are as follows:

Boundary firewalls and internet access gates
Protect against malware
Managing updates
Secure setup
Controlled access

Cyber Essentials starts from just £299 per year.

Cyber Essentials Plus

This includes all the assessment for the Cyber Essentials Certification, but system tests are carried out by an external certifying body and include an internal scan and an on-site assessment of your infrastructure – specifically focusing on workstations and mobile devices.

It has the same requirements as the basic certification, but you also need these 5 additional levels of protection:

Secure setup
Command of user access
Protection against malware
Patch management

Cyber Essentials Plus starts at £1,999 per year and is a completely guided process. It includes a dedicated account manager and up to 10% off cyber insurance – offering further peace of mind should your business need it.

Certification for both Cyber Essentials (Basic) and Cyber Essentials Plus lasts 12 months from completion.

By having a Cyber Essentials Certification, you not only protect your business against 80% of cyberattacks, but you also make yourself eligible to work with a wider range of customers and suppliers.

If you’d like to find out more, give our experts a call!

Article by Sarah Bailey of Bluegrass Group
